
[tor-talk] SocksPort: Circuit isolation is not Exit isolation

I noticed this when trying multiple SocksPorts. I ended up with
the following circuits, listed in order of command invocation:

port 8051 circ 35 nodes R1 R2 E1
port 8052 circ 34 nodes R3 R4 R5 E1

Note the same exit was selected.
Also, the second circuit was longer.

I don't think either of these two things is counter-documented as
a function of socksport. Just posting it as observed for anyone
thinking multiple socks ports provide exit isolation when going to
the same destination <ip:port>. And for the extra hop thing.

AFAIK, to achieve exit isolation, instead of a single tor with
multiple socksports, you need to run multiple tors with chosen
exit maps to that dest <ip:port>. If you run tors but don't map
them, weighted chance will eventually cause simultaneous use of the
same exit. If you map them, you don't get the potentially desirable
traveler effect over time.

The typical use case is wanting to use multiple accounts on the
same site at once, with a guarantee that you're not appearing to
be from the same exit and thus are not as easily linked.

The guarantee would only apply across a single tor instance. And it
would require proper configuration and use of apps across socksports.

The ticket below relates to exit isolation, but in the context of
newnym, not socksport. The round robin bucketing aspect would be
useful under both. https://trac.torproject.org/projects/tor/ticket/6256
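
Added example, not part of the original post: a Python check over a listing in the same `port ... circ ... nodes ...` layout shown above, reporting any exit (last node in the path) that serves more than one SocksPort, plus each circuit's hop count. The function names are hypothetical, and the sample listing reuses the post's placeholder relay names.

```python
import re
from collections import defaultdict

# Listing in the layout used in the post; R1..R5 and E1 are the post's
# placeholder names, not real relays.
SAMPLE = """\
port 8051 circ 35 nodes R1 R2 E1
port 8052 circ 34 nodes R3 R4 R5 E1
"""

LINE_RE = re.compile(r"^port\s+(\d+)\s+circ\s+(\d+)\s+nodes\s+(\S.*)$")


def parse_listing(text):
    """Return one dict per circuit: SocksPort, circuit id, ordered path."""
    circuits = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised entry: {raw!r}")
        circuits.append({"port": int(m.group(1)),
                         "circ": int(m.group(2)),
                         "path": m.group(3).split()})
    return circuits


def shared_exits(circuits):
    """Map exit -> sorted SocksPorts using it, only where several ports do."""
    ports_by_exit = defaultdict(set)
    for c in circuits:
        ports_by_exit[c["path"][-1]].add(c["port"])  # last hop is the exit
    # Several circuits from one port on one exit are not an isolation miss.
    return {e: sorted(p) for e, p in ports_by_exit.items() if len(p) > 1}


def hop_counts(circuits):
    """Map circuit id -> number of relays in its path."""
    return {c["circ"]: len(c["path"]) for c in circuits}


if __name__ == "__main__":
    circs = parse_listing(SAMPLE)
    for exit_relay, ports in shared_exits(circs).items():
        print(f"exit {exit_relay} is shared by SocksPorts {ports}")
    for circ, hops in hop_counts(circs).items():
        print(f"circ {circ}: {hops} hops")
```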