Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#5461 closed defect (fixed)

Circuit reused after New Identity is selected

Reported by: cypherpunks
Owned by: mikeperry
Priority: High
Milestone: TorBrowserBundle 2.2.x-stable
Component: Firefox Patch Issues
Version:
Severity:
Keywords: MikePerry201205
Cc:
Actual Points: 0
Parent ID:
Points: 0
Reviewer:
Sponsor:

Description

Not sure if this is a fault of Tor Browser or TorBrowserButton, it would seem that the latter is at fault, but it's a recent regression (it didn't occur in 2.2.35-7.1) and TorButton version didn't change, so I'm a little confused.

Anyway, here's the gist: one of the websites I visit (let's call it IP1) detects if certain Tor exit nodes are used and if the IP is blacklisted it redirects (server-side 302) to a specific URL in another domain (let's call it IP2). In the previous TBB, I just selected New Identity from Tor Button and if I was lucky to have a "clean" exit node IP in the new identity, there would be no redirect. In 2.2.35-8 however, I can try New Identity as many times as I want and it will keep redirecting if I had stumbled on a blacklisted exit node once. I have verified by looking at open circuits in Vidalia's Tor Network Map that this is not because the website has banned more Tor exit nodes. I noticed that after I press New Identity, the circuit for "IP1" remains open. Also, loading IP1 in the browser does NOT open a new connection to IP1, it automatically goes straight to IP2 in a new circuit. If I manually close the "stalled" circuit for IP1, I can finally access the website (if the new connection to IP1 comes from a circuit with a "clean" exit node).

TorBrowserButton should ensure that ALL circuits are closed when New Identity is selected. Otherwise, a website can create unique redirects for every connection and identify users across TorButton identities.

Change History (8)

comment:1 Changed 8 years ago by cypherpunks

Btw, Windows 7 if it matters.

comment:2 Changed 8 years ago by mikeperry

Component: TorBrowserButton → Firefox Patch Issues
Milestone: TorBrowserBundle 2.2.x-stable
Priority: normal → major

Mother fucker... This is probably due to some form of HTTP keepalive. I actually patched Firefox to try to kill keepalive'd connections on New Identity (See https://gitweb.torproject.org/torbrowser.git/blob/master:/src/current-patches/firefox/0011-Provide-an-observer-event-to-close-persistent-connec.patch), but there is now either a regression, or the patch wasn't applied this build (sadly not impossible), or perhaps the sites in question are using spdy (which is new in Firefox 11) or some other mystery is afoot.

My guess is if you wait 20 seconds, you won't experience the circuit re-use. Am I right? That was the case for me on MacOS. (Note that 20 seconds is our new reduced HTTP Keep-Alive timeout).
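The keep-alive behaviour discussed in this comment can be reproduced offline with the following added example, which is not part of the ticket or of the Tor Browser patch. `StreamIdHandler`, `Client` and `streams_seen` are hypothetical names, and the per-connection id returned by the constructed local server stands in for the circuit, since a stream stays on the circuit it was opened on.

```python
import http.client
import itertools
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

KEEPALIVE_IDLE = 20  # seconds: the keep-alive timeout quoted in comment 2

class StreamIdHandler(BaseHTTPRequestHandler):
    """Constructed test server: replies with an id unique to the TCP connection."""
    protocol_version = "HTTP/1.1"  # permit persistent connections
    stream_ids = itertools.count(1)
    def setup(self):  # runs once per accepted connection, not per request
        super().setup()
        self.stream_id = next(self.stream_ids)

    def do_GET(self):
        body = str(self.stream_id).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def log_message(self, *args): pass  # silence per-request logging

class Client:
    """Hypothetical browser stand-in holding one persistent connection."""
    def __init__(self, port):
        self.conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
        self.last_used = 0.0

    def get(self, now):
        if now - self.last_used > KEEPALIVE_IDLE:
            self.conn.close()  # idle timeout expired: connection is not reused
        self.conn.request("GET", "/")  # reconnects automatically if closed
        self.last_used = now
        return int(self.conn.getresponse().read())

def streams_seen(close_on_new_identity, idle=1.0):
    """Stream ids the server sees before and after a simulated New Identity."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), StreamIdHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    client = Client(server.server_address[1])
    before = client.get(now=0.0)
    if close_on_new_identity:
        client.conn.close()  # the step New Identity has to perform
    after = client.get(now=idle)
    client.conn.close()
    server.shutdown()
    return before, after
```

Equal ids before and after mean the server saw both requests on one stream; a regression test for a New Identity handler can assert that the ids differ.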

comment:3 in reply to:  2 Changed 8 years ago by cypherpunks

Replying to mikeperry:

> My guess is if you wait 20 seconds, you won't experience the circuit re-use. Am I right? That was the case for me on MacOS. (Note that 20 seconds is our new reduced HTTP Keep-Alive timeout).

Yes, after about 20 seconds of idle time the connection is closed and a new circuit is opened if there's a new connection.

> perhaps the sites in question are using spdy (which is new in Firefox 11)

I don't think this is the case here.

> but there is now either a regression, or the patch wasn't applied this build (sadly not impossible)

Given a very similar pattern to #5416 (there used to be a problem -> it was fixed with a patch at some point -> now regressed in 2.2.35-8 and everything works fine in 2.3.12-alpha-1), I think something went awry in the patching process. Whether it's caused by Firefox 11 or something in your production process for Windows builds, I have no idea.

comment:4 Changed 7 years ago by mikeperry

Keywords: MikePerry201205 added

comment:5 Changed 7 years ago by cypherpunks

Not an issue anymore in TBB 2.2.35-9. I guess we're lucky this time round.

comment:6 Changed 7 years ago by proper

I can't reproduce it either. IMHO we can close this one.

comment:7 Changed 7 years ago by mikeperry

Actual Points: 0
Points: 0
Resolution: fixed
Status: new → closed

Hot. Ok great. Closed. Thanks a lot for reporting, guys. Reopen if the situation changes.

comment:8 Changed 7 years ago by arma

See #6042 for a related and possibly overlapping problem.
