#550 support IsolateSOCKSAuth (preventing identity correlation)

pending
Fabian Keil
5
2014-03-19
2012-07-08
james mitch
No

How to force redirect each application through separate Tor circuit, thus preventing identity correlation through circuit sharing?

Many applications, such as wget, apt-get, gpg, etc. do not speak socks, are unlikely to speak socks anytime soon, but support http.

torsocks is of no big help either. I think it has been designed, when identity correlation wasn't a big topic. By default torsocks uses /etc/torsocks.conf and also presses all applications started with usewithtor <app> into the same SocksPort (identity correlation again [1]). To me it also looks like torsocks is practically unmaintained, there is a critical bug open, IPv6 can leak real IP, no progress for a very long time. [2]

In an ideal world, Tor wouldn't only offer multiple SocksPorts, but also multiple HttpPorts. That's for some reasons, either not going to happen anytime soon. [3]

Previous discussion:
https://lists.torproject.org/pipermail/tor-talk/2012-June/024497.html

Now I try to come up with a better suggestion.

IsolateSOCKSAuth ( https://www.torproject.org/docs/tor-manual-dev.html.en ) will be soon available when Tor 0.2.3 gets released (soon, already available in the Tor stable deb repository).

How I wish it to work:
- user adds multiple http or socks ports to privoxy.conf
- if the parent proxy is a socks5 proxy (Tor)
- and if an option with a name like "IsolateSOCKSAuth" gets activated in privoxy.conf
- then use username:password@parent_proxy_ip:parent_proxy_port

(Username and password can be anything and doesn't matter. Simplest thing would be to use for example if http proxy port = 8119, socks_username = $http_proxy_port, socks_password = $http_proxy_port.)

Subsequently different http or socks listen ports were redirected to the same parent proxy ip/port, but using different socks auth and socks password, therefore streams would get isolated by Tor.

[1] https://trac.torproject.org/projects/tor/ticket/6102
[2] https://code.google.com/p/torsocks/issues/detail?id=37
[3] https://trac.torproject.org/projects/tor/ticket/6060

Discussion

  • Fabian Keil
    Fabian Keil
    2012-07-13

    • labels: --> Configuration
    • assigned_to: nobody --> fabiankeil
    • status: open --> pending
     
  • Fabian Keil
    Fabian Keil
    2012-07-13

    In the "previous discussion" you reference, I outlined multiple already-supported ways to allow Tor to separate the requests coming from Privoxy to make identity correlation of the clients harder.

    While IsolateSOCKSAuth is currently indeed not supported by Privoxy, it's not clear to me why you think it would in any way be better than the already existing mechanisms. At least to me it's just another mechanism to reach the same goal.

    As far as I'm concerned the only thing that Privoxy would need to leverage Tor's IsolateSOCKSAuth is socks authentication support which is already on my TODO list (with a very low priority, though).

    Patches for this are welcome (and there's an incorrect and incomplete one on the patch tracker), but I do not see the need for any Tor-specific option for this and I certainly wouldn't want to make it a global option that magically modifies the behavior for all socks 5 proxies.

    I usually use multiple socks 5 proxies at the same time and Tor is only one of them. Privoxy can't tell which is which and I don't believe it's any of Privoxy's business anyway.