[tor-talk] TorBirdy seems to connect to the same exit node again and again
teor
teor2345 at gmail.com
Fri Apr 24 08:36:26 UTC 2015
>
> Date: Thu, 23 Apr 2015 20:06:09 -0400
> From: "l.m" <ter.one.leeboi at hush.com>
>
> Hi Sophie,
>
> …
> When using Tor Browser, the tor process is kind enough to take notice
> when using certain ports (WarnPlaintextPorts). So maybe TorBirdy
> should do the same. That is to say, make TorBirdy more verbose about
> choices for mail server port. Had you been warned that port 25 is not
> the port you're looking for you might have chosen differently. Even if
> the port was chosen temporarily, a reminder could've helped. To make
> things worse you have to switch between TorBirdy and Tor Browser to
> change identities. Then you have to run something like
> check.torproject.org to ensure your IP is different from a
> (potentially blocked) previous IP.
>
> So things TorBirdy could do better to avoid this problem in the future
> include:
> a) Be more verbose about choosing the mail server port. Possibly
> include a reminder which can be disabled. Warn when making a hazardous
> choice such as 25, a known abuse port and one which is blocked in the
> default exit policy and reduced exit policy.
> b) Provide new identity functionality in TorBirdy. It would need to be
> careful not to "step on the toes" of Tor Browser. To this end it could
> emulate the NEWNYM signal by leveraging stream isolation. New
> identities triggered by TorBirdy would create streams isolated from
> previous streams. By tracking streams associated with mail servers
> TorBirdy can ensure old connections are closed before new ones. It can
> do this in a way such that no interference occurs with Tor Browser.
> c) Enable TorBirdy to configure use of TrackHostExits/Expire. Purely a
> preference to deal with Tor Browser triggering a new identity when you
> might prefer to have TorBirdy continue to use the last exit for a
> time. If you've triggered a new identity in TorBirdy to avoid a
> blocked exit this could also mitigate the problem of a blocked exit
> being reused. Is there a better way to achieve the same result here?

You could run TorBirdy through its own instance of the tor client software, with a separate socks port.

This would avoid many of the issues you're trying to work around in b) and c), as TorBirdy could happily send NEWNYM to its own client instance all it liked. There is a slightly increased network load involved in running two instances, and there could be security implications of running separate tor clients - but mainly if their connections are distinguishable.

teor
teor2345 at gmail dot com
pgp 0xABFED1AC
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
teor at blah dot im
OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
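
The setup suggested in the reply above, as an added example that is not part of the original message or of TorBirdy: a torrc for a second tor client used only by the mail client, and a NEWNYM sent to that instance's control port. The ports 9052/9053, the data directory argument and all function names are assumptions; adding 25 to WarnPlaintextPorts reflects point a) of the quoted message.

```python
import binascii
import socket

MAIL_SOCKS_PORT = 9052    # assumed port for the mail client's SOCKS proxy
MAIL_CONTROL_PORT = 9053  # assumed control port of the second instance


def mail_torrc(data_dir):
    """torrc text for a second tor client used only by the mail client."""
    return "\n".join([
        f"DataDirectory {data_dir}",  # own state, separate from Tor Browser's tor
        f"SocksPort 127.0.0.1:{MAIL_SOCKS_PORT}",
        f"ControlPort 127.0.0.1:{MAIL_CONTROL_PORT}",
        "CookieAuthentication 1",
        # Default list plus 25, so tor logs a warning on SMTP port 25 as well.
        "WarnPlaintextPorts 23,25,109,110,143",
    ]) + "\n"


def send_command(stream, line):
    """Send one control-port command and return its final reply line."""
    stream.write(line.encode("ascii") + b"\r\n")
    stream.flush()
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("control connection closed")
        reply = raw.decode("ascii", "replace").rstrip("\r\n")
        if reply[3:4] == " ":  # "NNN " marks the last line of a reply
            if not reply.startswith("250"):
                # Report only the verb so the cookie never reaches logs.
                raise RuntimeError(f"{line.split()[0]} failed: {reply}")
            return reply


def signal_newnym(stream, cookie):
    """Authenticate with the raw cookie bytes, then request new circuits."""
    send_command(stream, "AUTHENTICATE " + binascii.hexlify(cookie).decode())
    reply = send_command(stream, "SIGNAL NEWNYM")
    send_command(stream, "QUIT")
    return reply


def newnym(cookie_path, host="127.0.0.1", port=MAIL_CONTROL_PORT):
    """NEWNYM for the mail instance only; Tor Browser's tor is not touched."""
    with open(cookie_path, "rb") as fh:
        cookie = fh.read()
    with socket.create_connection((host, port), timeout=10) as sock:
        return signal_newnym(sock.makefile("rwb"), cookie)
```

With CookieAuthentication enabled, tor writes the cookie to `control_auth_cookie` inside the instance's DataDirectory; pass that path to `newnym()`.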