Enable stream isolation

Unless anything speaks against this, both IsolateDestAddr and IsolateDestPort should be enabled for Tor Messenger's SocksPort.

added component::archived/tor messenger priority::medium resolution::wontfix severity::normal status::closed type::defect labels

Trac:
Cc: arma, mikeperry to arma, mikeperry, arlolra, sukhbir

Per IRC:

06:22:04      armadev | sukhe: huh! hm. what are the arguments for and against?
06:22:23      armadev | i guess 'for' includes 'you shouldn't mix your protocols
                      | onto the same circuit, and besides tor messenger doesn't
                      | produce that many streams anyway'?
06:22:42      armadev | and 'against' includes 'what if somebody runs tor
                      | messenger to have a generic socksport, and then they
                      | hook their other app up to it?'

The approach I suggest requires adding code (and isn't as straightforward as just enabling 2 config options and being done with it) would be to use the IsolateSOCKSAuth option, enabled by default to accomplish this. It would be up to the application (in this case Tor Messenger) to logically group related SOCKS connections together by means of the authentication information provided, but it gives the app more fine grained control over how Tor will isolate things, and won't have any unintended sideeffects.

The drawback to using IsolateSOCKSAuth is that it requires writing the app side code to do this, but maybe the Tor Browser people have suggestions in that area.

Trac:
Cc: arma, mikeperry, arlolra, sukhbir to arma, mikeperry, arlolra, sukhbir, gk

Trac:
Username: roguism
Severity: N/A to Blocker
Sponsor: N/A to N/A
Cc: arma, mikeperry, arlolra, sukhbir, gk to arma, mikeperry, arlolra, sukhbir, gk, roguism

Trac:
Username: roguism
Severity: Blocker to Normal

See https://blog.torproject.org/comment/reply/1151/162098 for another vote.

Trac:
Reviewer: N/A to N/A

Replying to arlolra:

See https://blog.torproject.org/comment/reply/1151/162098 for another vote.

arlolra, thanks for mentioning that my comment. Actually, there is simple way of isolation that is implemented in Tor browser: different 'tabs' (AFAIK) uses different "authentication" string on SOCKS port, and this is enough for Tor to provide different circuits. Then, if somebody strictly wants to avoid mixing the circuits, he could just restart Tor browser and send -1 signal to Tor. However, this would not be so suitable for Tor messenger, where one needs to keep long living connection to different hosts simultaneously. So, despite "authenticaion method" would work, to be sure I prefer to be able to manually specify different SOCKS HOST:PORT for different accounts.

Replying to yawning:

Per IRC: {{{ 06:22:04 armadev | sukhe: huh! hm. what are the arguments for and against? 06:22:23 armadev | i guess 'for' includes 'you shouldn't mix your protocols | onto the same circuit, and besides tor messenger doesn't | produce that many streams anyway'? 06:22:42 armadev | and 'against' includes 'what if somebody runs tor | messenger to have a generic socksport, and then they | hook their other app up to it?' }}}

If you reuse the TBB circuit isolation and simply set the socks authentication, there is no issue.

E.g.: socksusername=messenger://<<<ACCOUNT_ID>>>

Even better for potential multi-user setups sharing the same Tor would be to include (a hash of) PID / local IP address in the socks authentication.

Trac:
Summary: enable Stream Isolation to Enable stream isolation

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)

sad but true: https://blog.torproject.org/sunsetting-tor-messenger

luckily there are alternatives: https://blog.torproject.org/tor-heart-onion-messaging

.. and maybe someday

• https://cwtch.im (#27364)
• https://github.com/warner/magic-wormhole/issues/8

Trac:
Status: new to closed
Resolution: N/A to wontfix

closed