[tor-bugs] #26586 [Applications/Tor Browser]: Enumerate background connections that Tor Browser makes on its catch-all circuit
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jun 30 19:10:25 UTC 2018
#26586: Enumerate background connections that Tor Browser makes on its catch-all
circuit
------------------------------------------+----------------------
Reporter: arma | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
I know that Tor Browser makes connections over the Tor network when I
click on a page. But what does it load on its own, in the background? And
on what time schedules?
I have three goals with asking:
* Is my Tor Browser doing something in the background that is dangerous
for my anonymity? An example here would be an ssl transparency design that
uploads summary information about the ssl certs I've seen lately.
* These background connections use the catch-all circuit, so they are
isolated from the content that I intentionally load, but they are lumped
into the same circuit with each other. Are there anonymity implications
with combining any of these background connections together on the same
circuit?
* The Tor client has a bunch of logic to start saving bandwidth if you
don't use it for a long while, but each of these background connections
counts as "use", so the Tor client in a Tor Browser never does any of its
bandwidth-saving measures. I wonder if there's some design where we stop
doing the background things that don't need to be done, once the rest of
Tor Browser has been idle for a while, or we give some way to tell the Tor
client that those don't "really" count as use, or what. Maybe this idea
will be too complicated to do, but the first step is understanding what
connections we are receiving and why.
GeKo points out that tjr made a start at this list for an earlier esr:
https://trac.torproject.org/projects/tor/ticket/21200#comment:4
and he also suggested that having this list documented (and thus I guess
"kept up to date" too) in the "hacking" document would be a good move.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26586>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list