Opened 5 years ago

Last modified 2 years ago

#15660 new defect

[feature suggestion] Need signal to totally switch to the new set of circuits

Reported by: yurivict271 Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: security needs-design tor-client
Cc: Actual Points:
Parent ID: Points: small
Reviewer: Sponsor:

Description

Currently there is the control command

SIGNAL NEWNYM

which according to specification "switches to clean circuits, so new application requests don't share any circuits with old ones." It however doesn't affect the old connections, which still go through the old set of circuits.

There is the legitimate need to completely switch to the new set of circuits, with termination of all old connections.

I am suggesting to add the parameter to NEWNYM signal. It can be a string parameter, to keep it general and explicit. Syntax that will work like NEWNYM but will also terminate old connection could look like this:

SIGNAL NEWNYM TERMINATE

The old syntax will assume this parameter to be empty, and will work like before.

On the user level, wherever they see the button "New Identity", they will either have another button next to it "New Identity (force-close old connections)", or the yes/no choice "force-close old connections" next to the original button.

My motivation: I had this question before myself, and now I saw somebody else asking it on tor-talk@: "Why my exit node doesn't change when I press 'New Identity' button?"

Child Tickets

Change History (9)

comment:1 Changed 5 years ago by yurivict271

Component: - Select a componentTor

comment:2 Changed 5 years ago by Sebastian

Doesn't sound too compelling. Just break the connections from the other side?

comment:3 Changed 5 years ago by yurivict271

How?

In general, how do users get the list of established through TOR connections on the running OS?

comment:4 Changed 4 years ago by teor

Keywords: security added
Milestone: Tor: 0.2.???
Points: small
Type: enhancementdefect

This might be a security / usability bug if users assume "New Identity" will change their exit. (I'm pretty sure this is what the New Identity documentation suggests.)

However, the "new exit for this circuit" in the latest TBB may resolve this issue.

Is this still an issue in Tor Browser 5.0?

comment:5 Changed 3 years ago by arma

Severity: Normal

I also think the tab isolation features in the recent Tor Browser designs should help this one a lot, for ordinary users.

What about the power users? I guess they could toggle disablenetwork on and off? I'm not super-excited to make it easy for people to add load to the Tor network when I don't understand their use case.

comment:6 Changed 3 years ago by teor

Milestone: Tor: 0.2.???Tor: 0.3.???

Milestone renamed

comment:7 Changed 3 years ago by nickm

Keywords: tor-03-unspecified-201612 added
Milestone: Tor: 0.3.???Tor: unspecified

Finally admitting that 0.3.??? was a euphemism for Tor: unspecified all along.

comment:8 Changed 2 years ago by nickm

Keywords: tor-03-unspecified-201612 removed

Remove an old triaging keyword.

comment:9 Changed 2 years ago by nickm

Keywords: needs-design tor-client added
Note: See TracTickets for help on using tickets.