[Users] [Bug 4177] New: Reduce fingerprinting when using TOR proxy

[noreply at thewildbeast.co.uk]

https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4177

            Bug ID: 4177
           Summary: Reduce fingerprinting when using TOR proxy
    Classification: Unclassified
           Product: Claws Mail
           Version: GIT
          Hardware: PC
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P3
         Component: Other
          Assignee: users at lists.claws-mail.org
          Reporter: removed-gdpr at example.com

When using TOR proxy it would be good to have additional anonymity enhancing
mechanism reducing the possibility of fingerprinting based on "typical
connections" (e.g. connecting to the same mail servers, RSS feeds etc) through
the same TOR identity.

A little research shows that this is possible. The user has to set a
ControlPort and use HashedControlPassword or CookieAuthentication, then request
a new identity like this:

https://stem.torproject.org/faq.html#how-do-i-request-a-new-identity-from-tor

I have tried the "telnet version" with a short bash script works fine (assuming
localhost and ControlPort 9051):

#!/bin/bash
read -p "Tor controller password: " password

cat <<EOF | nc 127.0.0.1 9051
AUTHENTICATE "${password}"
SIGNAL NEWNYM
quit
EOF

Perhaps a more intelligent approach for implementing similar identity control
functionality in CM would be to use the Stem API
(https://stem.torproject.org/api/control.html). Then CM can use a new TOR
identity/circuit for each separate connection (individual RSS feed, IMAP, POP,
NNTP or other connection). Also it may be possible to use parallel TOR circuits
(https://tor.stackexchange.com/q/12116) which would help not to impose a big
compromise between speed and privacy.

-- 
You are receiving this mail because:
You are the assignee for the bug.