On Friday, November 24, 2017 at 6:48:13 PM UTC, entr0py wrote:
> Yuraeitha:
> > On Friday, November 24, 2017 at 9:01:24 AM UTC, Bernhard wrote:
> >> Hello,
> >>
> >> one of the most useful features of tor-browser is Ctl-Shift-L to change
> >> the tor-path (and so, with high proba, the exit node IP) : this way,
> >> websites that block a specific exit node for a certain time can be still
> >> loaded (of course some fascist websites block all tor-exits and so that
> >> this measure does not help) .
> >>
> >> I feel that the same feature would be useful in other applications (in
> >> particular in thunderbird). How can this be done? Maybe a "forced
> >> reconnect" of IMAP connections suffices, but apart totally restarting
> >> thunderbird I don't see how this can be done. Any hints? Or is there
> >> good reason not to torify mail-fetching? Or never via IMAP?
> >>
> >> thank you, Bernhard
> 
> Each request to your Tor client (in sys-whonix) via SocksPort is accompanied 
> by a SOCKS username and password. By clicking "New Tor Circuit for this Site" 
> in Tor Browser, you are changing the password component, which causes the Tor 
> client to generate a new circuit for the same first-person domain when a 
> request is received.
> 
> Thunderbird is torrified by an extension called TorBirdy. Your requested 
> feature has been tracked for quite some time (5 years) but appears nearing 
> implementation now that Thunderbird-related roadblocks have been cleared. 
> (https://trac.torproject.org/projects/tor/ticket/6359) Also, the main reason 
> for that ticket is not circuit swapping but stream isolation. At present 
> (Whonix bonus), each different email server you connect to is given a 
> different circuit. With #6359, multiple accounts at the same email provider 
> can also be isolated by circuit.
> 
> Currently, you can generate new circuits for all future Tor requests by using 
> the "New Identity" feature via one of the following equivalent options:
> 1. From anon-whonix, use "New Identity" in Tor Browser. (applies to all Tor 
> connections, not just the browser.)
> 2. From sys-whonix, use arm/nyx (monitoring tool) to send New Identity request
> 3. From sys-whonix, send SIGNAL NEWNYM via telnet to 127.0.0.1:9051
> 
> 
> > More specially towards the question at hand, I think it's tricky to do 
> > something like that in Thunderbird, but I'm not a programmer, so I wouldn't 
> > know for sure. However, if you think about how it works in 
> > Qubes/Whonix/Tor, then the Tor browser appears to be tunneling Tor-Browser 
> > within Tor(Sys-whonix), basically doubling the onion layers compared to a 
> > regular Tor browser. I'm not entirely sure if this is the case, it's just 
> > something I figured must be the case. 
> 
> This is not correct. Tor-over-Tor is discouraged[1] and unlikely to work in 
> the future[2]. Whonix prevents Tor-over-Tor.[3][4]
> 
> [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#ToroverTor
> [2] https://trac.torproject.org/projects/tor/ticket/2667
> [3] https://www.whonix.org/wiki/DoNot#Prevent_Tor_over_Tor_Scenarios
> [4] https://www.whonix.org/wiki/Dev/anon-ws-disable-stacked-tor

ah, good I made a disclaimer :') 
Though, it does seem rather unsafe to run multiple of qubes over the same exit 
nodes in the Tor network. 

The most dangerous security issue out there, imho at least, is the assumption 
you are safe, when you are not. If what you're saying is true, and I'm 
confident it is given your background, then this might cause some dangerous 
user habits on Qubes in particular, beyond that what is a concern by using just 
Whonix/Tor? Similar issue probably exits between Whonix and Tor, but to a 
lesser extent as Qubes does not have any warnings about this, which is 
particular a concern when it's easier to mess up in Qubes, and run the same 
applications over the same exit nodes, at the same time. 

I did hear the warning of not running Tor over Tor before, though it was so 
long back that only the Tor browser was around back then. I had assumed it'd 
been fixed by now on Whonix and in particular Qubes. Especially considering the 
dangerous trap Whonix and in particular Qubes creates when running more on the 
same exit node. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d56719b1-dcaf-4cd8-bc24-249ca7455989%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to