[Whonix-devel] #20555 [Core Tor/Tor]: stream isolation for DNS and hidden service descriptor cache

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Nov 3 17:02:56 CET 2016

#20555: stream isolation for DNS and hidden service descriptor cache
     Reporter:  adrelanos     |      Owner:
         Type:  defect        |     Status:  new
     Priority:  Medium        |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Normal        |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
 Seems like Tor's DNS cache ({{{CacheIPv4DNS}}}, {{{CacheIPv6DNS}}}) and
 caching of hidden service descriptors is cached globally.

 The first connection in stream one resolves all DNS or hidden service
 descriptors. But follow-up connections in separate streams to the same
 website do not resolve and use Tor's cache.

 So webservers could provide a slightly unique version of their website per
 visitor. Each visitor's browser could be instructed to load additional
 content from varying hostnames. Due to caching vs non-caching it might be
 possible to make visitors pseudonymous rather than anonymous.

 The problem is that Tor's cache is global and not stream isolated.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20555>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
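
Added example, not part of the ticket and not Tor's code: a toy model of the caching behaviour the ticket describes, comparing a cache shared by all streams with one keyed by an isolation group. The class names, the "stream-N" group labels and static.example are hypothetical; it counts how often one stream is served an entry that a different stream populated.

```python
from collections import Counter


class CountingResolver:
    """Stand-in for a remote lookup; counts requests that leave the client."""
    def __init__(self):
        self.lookups = Counter()

    def resolve(self, hostname):
        self.lookups[hostname] += 1
        return "192.0.2.1"  # constructed answer (TEST-NET-1 address)


class GlobalCache:
    """One cache for every stream, as the ticket describes."""
    def __init__(self, resolver):
        self.resolver = resolver
        self.entries = {}  # key -> (answer, group that filled the entry)

    def key(self, group, hostname):
        return hostname

    def lookup(self, group, hostname):
        k = self.key(group, hostname)
        if k in self.entries:
            return self.entries[k]  # hit: (answer, filling group)
        answer = self.resolver.resolve(hostname)
        self.entries[k] = (answer, group)
        return answer, None  # miss: nobody filled it before us


class IsolatedCache(GlobalCache):
    """Same cache, but entries are private to an isolation group (assumed fix)."""
    def key(self, group, hostname):
        return (group, hostname)


# Constructed sample: two isolated streams load the same hostname.
VISITS = [("stream-1", "static.example"),
          ("stream-2", "static.example"),
          ("stream-1", "static.example")]


def replay(cache_cls, visits=VISITS):
    """Return (cross-group cache hits, lookups sent to the resolver)."""
    cache = cache_cls(CountingResolver())
    cross = 0
    for group, host in visits:
        _, filled_by = cache.lookup(group, host)
        if filled_by not in (None, group):
            cross += 1  # state created by one stream was visible to another
    return cross, sum(cache.resolver.lookups.values())
```

A non-zero first value means cached state crossed an isolation boundary; the isolated variant removes that at the cost of one extra lookup per group.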
