-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Enhancement] make use of stream circuit Isolation in Orbot mode 🧅 #8
Comments
Thanks. Would you know Orbot has an API for this? |
It is not needed? All can be done by the present implementation of socks5 authentication in rethinkDNS. For enabling the setting Only this already present authentication settings need a different per app socks5 username to be used automatically. The level of isolation may need to be discussed. Tor browser does it by default per hostname. If this is the wanted result to be matched. But to not mix destination of two apps for same destination. As two different apps could try to connect Google-Analytics.com, we want to isolate circuit use for both separate from each other to prevent linkage.
I have used app package names and destination's for identifier. Both should be actually known to rethink DNS anyway while connection decision of forwarding is done? |
Thanks for the detailed explanation. Both, per-http-hostname scheme and per-app scheme are implementable. |
Orbot settings allow user to already set the
Tor browser does it based on hostname, not Addr. It uses the per-hostname scheme
Orbot is currently missing the per-app scheme. |
Make use of tor/orbots stream circuit Isolating, by using dynamic socks5 username&password authentication for where it makes privacy Enhancement.
For now, if you visit embedded YouTube in browser and open YouTube app, both may share a circuit while you could have used different logins each and get tracked with same ip.
Suggested, isolate on a per app basis. May easily just use app package name as unique socks5 username and tor will never put streams from different apps together again. Alternatively authenticate with uuid. Also it could benefit from
KeepAliveIsolateSOCKSAuth
I'm aware, rethinkdns allows setting a permanent socks5 username&password authentication manually in the settings. But that's not useful for the idea here.
The text was updated successfully, but these errors were encountered: