guardianproject/orbot

[Feature Request] Orbot's default SOCKS port settings could be better

Closed this issue · 4 comments

Is your feature request related to a problem? Please describe.
While using Orbot, I noticed two default SOCKS port settings differ from those used in conjunction with Tor Browser on desktop operating systems:

  • PreferIPv6 (which is enabled by default in Orbot)
  • IsolateDestAddr (which is disabled by default in Orbot)

The latter became obvious when multiple websites blocked my requests, displaying the same source IP address.

Describe the Solution You'd Like
To the best of my understanding, both of the discrepancies to Tor Browser on desktop operating systems are somewhat detrimental to the anonymity of Orbot users:

  • IsolateDestAddr being disabled by default is more critical, as it allows a single exit node to observe requests to multiple unrelated destinations. In contrast to Tor Browser, where a new circuit is used for every tab, Orbot users may experience a lower degree of anonymity, as their traffic characteristics can be enumerated better by a significantly smaller fraction of exit relay operators. Therefore, I'd like to see IsolateDestAddr being enabled by default in Orbot, just as it is the case in Tor Browser.
  • PreferIPv6 being enabled by default differs from Tor Browser's default setting as well, potentially permitting an exit node operator (or an adversary surveilling exit nodes) to distinguish between Tor traffic emanated by Orbot and regular Tor Browser users - if a destination is reachable via IPv6, the former userbase is likely to connect to it via IPv6, standing out from the overall Tor userbase. Therefore, aligning the default setting of PreferIPv6 with that of Tor Browser strikes me as sensible.

Describe the Alternatives You've Considered
N/A

Additional Context
N/A

IsolateDestAddr is not the default because you don't want all of the facebook thumbs to use the same circuit, you want all of the stuff on each page to use the same circuit.

Tor browser configures its socksport with the KeepAliveIsolateSOCKSAuth flag and then it indicates which things should be isolated from each other by user:password in the socks handshake. Tor browser also does not enable IsolateDestAddr.

I see, thank you for clarifying. Would it make sense to toggle IsolateDestAddr depending on the number of apps Orbot is configured to process network traffic for? Assuming more than one app is selected, my understanding is that correlating traffic at exit node level, as outlined above, remains a threat to the user's anonymity which can be mitigated by enabling IsolateDestAddr. Am I mistaken here?

Does this have any impact on the PreferIPv6 topic? Would you prefer a dedicated issue for that one?

I see, thank you for clarifying. Would it make sense to toggle IsolateDestAddr depending on the number of apps Orbot is configured to process network traffic for? Assuming more than one app is selected, my understanding is that correlating traffic at exit node level, as outlined above, remains a threat to the user's anonymity which can be mitigated by enabling IsolateDestAddr. Am I mistaken here?

Does this have any impact on the PreferIPv6 topic? Would you prefer a dedicated issue for that one?

Tor browser also uses the PreferIPv6 flag, so there is no reason to change that default setting.

Enabling IsolateDestAddr may improve privacy at the exit node, but it was not recommended to use when I asked about it in #tor.

Tor browser also uses the PreferIPv6 flag, so there is no reason to change that default setting.

I missed that when looking at its source code. Apologies for the noise.

Enabling IsolateDestAddr may improve privacy at the exit node, but it was not recommended to use when I asked about it in #tor.

Hm, I see. I guess this ticket can be closed then; thank you for your replies and the information! :-)