Opened 17 months ago

Last modified 17 months ago

#26586 new task

Enumerate background connections that Tor Browser makes on its catch-all circuit

Reported by: arma Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: gamma@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I know that Tor Browser makes connections over the Tor network when I click on a page. But what does it load on its own, in the background? And on what time schedules?

I have three goals with asking:

  • Is my Tor Browser doing something in the background that is dangerous for my anonymity? An example here would be an ssl transparency design that uploads summary information about the ssl certs I've seen lately.
  • These background connections use the catch-all circuit, so they are isolated from the content that I intentionally load, but they are lumped into the same circuit with each other. Are there anonymity implications with combining any of these background connections together on the same circuit?
  • The Tor client has a bunch of logic to start saving bandwidth if you don't use it for a long while, but each of these background connections counts as "use", so the Tor client in a Tor Browser never does any of its bandwidth-saving measures. I wonder if there's some design where we stop doing the background things that don't need to be done, once the rest of Tor Browser has been idle for a while, or we give some way to tell the Tor client that those don't "really" count as use, or what. Maybe this idea will be too complicated to do, but the first step is understanding what connections we are receiving and why.

GeKo points out that tjr made a start at this list for an earlier esr:
https://trac.torproject.org/projects/tor/ticket/21200#comment:4
and he also suggested that having this list documented (and thus I guess "kept up to date" too) in the "hacking" document would be a good move.

Child Tickets

Change History (1)

comment:1 Changed 17 months ago by cypherpunks

Cc: gamma@… added

These background connections use the catch-all circuit, so they are isolated from the content that I intentionally load, but they are lumped into the same circuit with each other. Are there anonymity implications with combining any of these background connections together on the same circuit?

If 1 is true then answer(2) is yes. FPI FTW!

Note: See TracTickets for help on using tickets.