Opened 7 years ago

Closed 4 years ago

#6102 closed enhancement (fixed)

Add warning related to Identity correlation through circuit sharing

Reported by: proper Owned by:
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Keywords:
Cc: proper Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

As long as #3455 and Tor 0.2.3 isn't ready, I recommend to add on https://www.torproject.org/download/download-easy.html.en a warning about Identity correlation through circuit sharing. Reference with problem description. [1] [2] [3] [4] [5]

I don't think many people are aware of the issue.

When you google you'll see, that people recommend, in order to torify various applications, to socksify using port 9050. Stream isolation, multiple SocksPorts and identity correlation are discussed nowhere.

And if those people mix different goals (let's say, hide location from chat server, registered with real name; and anonymous posting) or use multiple applications at once, they don't only theoretically risk their anonymity.

[1] https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Whatattacksremainagainstonionrouting

[2] http://archives.seul.org/or/talk/Dec-2004/msg00086.html

[3] https://trac.torproject.org/projects/tor/wiki/doc/Modes_Of_Anonymity

[4] https://lists.torproject.org/pipermail/tor-talk/2012-March/023535.html

[5] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ApplicationWarningsAndNotes#Identitycorrelationthroughcircuitsharing

Child Tickets

Change History (5)

comment:1 Changed 7 years ago by phobos

Priority: majornormal

comment:2 Changed 7 years ago by nickm

I think the most useful document here would be an explanation/howto/cookbook for the bundler and advanced user about using stream isolation in 0.2.3.x. It could also explain the issues with not having them at all (as 0.2.2.x).

comment:3 Changed 7 years ago by phobos

Owner: phobos deleted
Status: newassigned

comment:4 Changed 7 years ago by phobos

We need a paragraph of simple, bite-sized text to explain the risk here.

comment:5 Changed 4 years ago by Sebastian

Resolution: fixed
Status: assignedclosed

I think time solved this by now :/

Note: See TracTickets for help on using tickets.