Opened 2 years ago

Last modified 7 months ago

#14382 new defect

Enable stream isolation

Reported by: proper Owned by:
Priority: Medium Milestone:
Component: Applications/Tor Messenger Version:
Severity: Normal Keywords:
Cc: arma, mikeperry, arlolra, sukhbir, gk, roguism Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Unless anything speaks against this, both IsolateDestAddr and IsolateDestPort should be enabled for Tor Messenger's SocksPort.

Child Tickets

Change History (9)

comment:1 Changed 2 years ago by arlolra

  • Cc arlolra sukhbir added

comment:2 follow-up: Changed 2 years ago by yawning

Per IRC:

06:22:04      armadev | sukhe: huh! hm. what are the arguments for and against?
06:22:23      armadev | i guess 'for' includes 'you shouldn't mix your protocols
                      | onto the same circuit, and besides tor messenger doesn't
                      | produce that many streams anyway'?
06:22:42      armadev | and 'against' includes 'what if somebody runs tor
                      | messenger to have a generic socksport, and then they
                      | hook their other app up to it?'

The approach I suggest requires adding code (and isn't as straightforward as just enabling 2 config options and being done with it) would be to use the IsolateSOCKSAuth option, enabled by default to accomplish this. It would be up to the application (in this case Tor Messenger) to logically group related SOCKS connections together by means of the authentication information provided, but it gives the app more fine grained control over how Tor will isolate things, and won't have any unintended sideeffects.

The drawback to using IsolateSOCKSAuth is that it requires writing the app side code to do this, but maybe the Tor Browser people have suggestions in that area.

comment:3 Changed 2 years ago by gk

  • Cc gk added

comment:4 Changed 19 months ago by roguism

  • Cc roguism added
  • Severity set to Blocker

comment:5 Changed 19 months ago by roguism

  • Severity changed from Blocker to Normal

comment:6 follow-up: Changed 15 months ago by arlolra

comment:7 in reply to: ↑ 6 Changed 15 months ago by cypherpunks

Replying to arlolra:

See https://blog.torproject.org/comment/reply/1151/162098 for another vote.

arlolra, thanks for mentioning that my comment. Actually, there is simple way of isolation that is implemented in Tor browser: different 'tabs' (AFAIK) uses different "authentication" string on SOCKS port, and this is enough for Tor to provide different circuits. Then, if somebody strictly wants to avoid mixing the circuits, he could just restart Tor browser and send -1 signal to Tor. However, this would not be so suitable for Tor messenger, where one needs to keep long living connection to different hosts simultaneously. So, despite "authenticaion method" would work, to be sure I prefer to be able to manually specify different SOCKS HOST:PORT for different accounts.

comment:8 in reply to: ↑ 2 Changed 15 months ago by cypherpunks

Replying to yawning:

Per IRC:

06:22:04      armadev | sukhe: huh! hm. what are the arguments for and against?
06:22:23      armadev | i guess 'for' includes 'you shouldn't mix your protocols
                      | onto the same circuit, and besides tor messenger doesn't
                      | produce that many streams anyway'?
06:22:42      armadev | and 'against' includes 'what if somebody runs tor
                      | messenger to have a generic socksport, and then they
                      | hook their other app up to it?'

If you reuse the TBB circuit isolation and simply set the socks authentication, there is no issue.

E.g.: socksusername=messenger://<<<ACCOUNT_ID>>>

Even better for potential multi-user setups sharing the same Tor would be to include (a hash of) PID / local IP address in the socks authentication.

comment:9 Changed 7 months ago by arlolra

  • Summary changed from enable Stream Isolation to Enable stream isolation
Note: See TracTickets for help on using tickets.