Open Bug 1377509 Opened 3 years ago Updated 10 months ago
Enable Fennec to populate first party domain as socks username
Tor on Desktop populates the SOCKS username, which is used by Tor to provide a different circuit per tab. We should enable this same behavior in Fennec.
Amogh and/or Arthur, could you expand on what it is we need to do specifically for this?
Tor Browser (desktop) creates a new Tor circuit for each first-party domain (URL bar domain). So two tabs (and all associated requests) with the same first-party domain use the same circuit, but two tabs with different first-party domains use different circuits. This functionality is implemented in torbutton, here: https://gitweb.torproject.org/torbutton.git/tree/src/components/domain-isolator.js but of course it could be refactored as a patch in the gecko codebase. Briefly, by default, the Tor process has the IsolateSOCKSAuth option enabled, which means "Don’t share circuits with streams for which different SOCKS authentication was provided." So domain-isolator.js assigns a new username/password combination for each new first-party domain. In our current implementation, the username is set to the first-party domain, and the password is set to a nonce, which allows us to force a new circuit for the same first-party domain as needed. A new nonce is created whenever the user chooses the option "New Tor Circuit for this Site". The implementation works as follows: to assign SOCKS username/passwords, domain-isolator.js uses a "proxy filter" to intercept nascent http channels. The first party domain is obtained by: `firstPartyDomain = channel.loadInfo.originAttributes.firstPartyDomain;` and then a new proxyInfo object is created, same as the channel's original one but with SOCKS username and password added. SOCKS username and passwords are displayed in "circuit status" responses in Tor's control port protocol. So that's a good way to confirm that circuits are being correctly assigned a first-party domain. (Tor's circuit display makes use of the control port this way: https://gitweb.torproject.org/torbutton.git/tree/src/chrome/content/tor-circuit-display.js)
3 years ago
Priority: P2 → P3
Re-triaging per https://bugzilla.mozilla.org/show_bug.cgi?id=1473195 Needinfo :susheel if you think this bug should be re-triaged.
Priority: P3 → P5
10 months ago
You need to log in before you can comment on or make changes to this bug.