Enumerate background connections that Tor Browser makes on its catch-all circuit
I know that Tor Browser makes connections over the Tor network when I click on a page. But what does it load on its own, in the background? And on what time schedules?
I have three goals with asking:
Is my Tor Browser doing something in the background that is dangerous for my anonymity? An example here would be an ssl transparency design that uploads summary information about the ssl certs I've seen lately.
These background connections use the catch-all circuit, so they are isolated from the content that I intentionally load, but they are lumped into the same circuit with each other. Are there anonymity implications with combining any of these background connections together on the same circuit?
The Tor client has a bunch of logic to start saving bandwidth if you don't use it for a long while, but each of these background connections counts as "use", so the Tor client in a Tor Browser never does any of its bandwidth-saving measures. I wonder if there's some design where we stop doing the background things that don't need to be done, once the rest of Tor Browser has been idle for a while, or we give some way to tell the Tor client that those don't "really" count as use, or what. Maybe this idea will be too complicated to do, but the first step is understanding what connections we are receiving and why.
GeKo points out that tjr made a start at this list for an earlier esr: https://trac.torproject.org/projects/tor/ticket/21200#comment:4 and he also suggested that having this list documented (and thus I guess "kept up to date" too) in the "hacking" document would be a good move.