Stream isolation for DNS
Seems like Tor's DNS cache (CacheIPv4DNS
, CacheIPv6DNS
) and caching of hidden service descriptors is cached globally.
The first connection in stream one resolves all DNS or hidden service descriptors. But follow up connections in separate streams to the same website do not resolve and use Tor's cache.
So webservers could provide a slightly unique version of their website per visitor. Each visitors browser could be instructed to load additional content from varying hostnames. Due to caching vs non-caching it might be possible to make visitors pseudonymous rather than anonymous.
The problem is that Tor's cache is global and not stream isolated.