How much do we want Tor Browser's per-tab circuit view?
Originally created by @anonym on #9298 (Redmine)
As mentioned in #9031 (comment 78670) it doesn’t come for free:
1. We will have to completely rewrite our tor-controlport-filter
; the
filter must handle concurrent connections (i.e. multiple clients), and
it must deal with asynchronous control port commands, like setevents
,
without blocking (e.g. after a setevents
you can issue other commands
over the same connection and get their responses). Writing such a filter
using stem
seems like the way to go. (Note that Whonix fork of
tor-controlport-filter
only supports concurrency, not asynchronous connections.)
2. Worse, this will expose stream/circuit-level Tor state to the browser, and the user running the browser (i.e. the amnesia user) which is worse than we have it now.
1 is “just” a dev time issue, but 2 is pretty bad. Of course, with Vidalia (soon Tor Monitor) we have something kinda similar but it will run as under a dedicated user, so the control port exposing that will not be directly available to the amnesia user, which reduces exploitability.
Related issues
- Related to #9391 (closed)