Is there a general security advice to disable the Tor connection (e.g. on Whonix-Gateway) when not actively using the Tor connection?
I am thinking of a scenario where a user accesses Tor several times daily. Should he disconnect from Tor in between, when he is not actively using the Tor connection, to mitigate the risk of being de-anonymized by a global adversary?
In my opinion, I think it’s safe to actively use TOR for browsing. Just keep in mind to separate your personal stuff. I use TOR for TOR related materials, casual browsing. My personal browsing (email, banking, etc) goes out via clearnet. Hope this helps…
I see this differently. Similar to a Whonix-Gateway, I route all of my traffic across Tor. I have multiple Tor clients in use, and by default a Tor client will create a new circuit (if not in use) every ten minutes. I could choose to only run a Tor client when I wanted anonymity using a few megabytes per month, or I could use it for everything (including the Tor relay middle-node) and use upward of a terabyte per month. If an adversary were faced with attempting to brute force decrypt a few megabytes or a terabyte to find a needle in a haystack, I think I know which one would be harder for them.
To summarize based on the posts of @Torceror and @alec it is beneficial to keep the connection open even when not used actively. Main reason is that it is harder for an adversary to de-anonymize you.
@alec Could you please state or reference further reasons?
Disabled means I stopped the Tor service (i.e. on Whonix-Gateway), so no connection is established and no Tor circuit is built. An adversary cannot detect a Tor connection because there is no connection.
Not actively used means I am connected to Tor, i.e. one or several Tor circuits are built (Whonix-Gateway is connected). As I can see those circuits without browsing or performing other activities, I assume that an adversary is able to see that I am connected to Tor.
However yes, this would mean that packets are sent in idle.
I have waited for 30 minutes since a manual socks5 request with curl was sent to tor’s port 9159. The port was changed from 9150 to 9159 to prevent possible interference from other programs I configured before.
There is not even a single packet other than those triggered by the earlier request.
I suppose now the answer is no; you need not disable tor for that purpose.
Very helpful and thanks for providing this huge support.
Just to clarify: when building the initial Tor circuits, packets are sent (connections are established, e.g. when clicking on connect in Whonix-Gateway). After that no packets are sent. This covers all outgoing traffic, i.e. all kinds of packets and not only TCP packets, is that correct?
No, I mean there must be initial packets at the circuit building stage, but after that, tor will send other packets only if a client asks.
For example, after the circuit was built, if you were in Whonix and opened a webpage in Firefox, your requests would be forwarded to tor and there would be packets destined for the guard relay. But if you close every network client, including Firefox, aka ‘not actively used’, no further packets will be sent, not to mention seen by the adversary.
It is clear now. Thanks for elaborating and being patient.
Initially many Tor circuits are built, e.g. on Whonix-Gateway. Do you know in which cases or when these initial circuits need to be ‘rebuilt’ or somehow ‘reconnected’, if this ever happens? This would mean that packets are sent again.
Do you know in which cases completely new, additional circuits are built? Maybe after a specified time frame without being ‘active’ (e.g. browsing)?
Do you know in which cases or when these initial circuits need to be ‘rebuilt’ or somehow ‘reconnected’, if this ever happens? This would mean that packets are sent again.
Do you know in which cases completely new, additional circuits are built? Maybe after a specified time frame without being ‘active’ (e.g. browsing)?
I now consider that my 30 minutes of testing before wasn’t enough.
CircuitsAvailableTimeout NUM
Tor will attempt to keep at least one open, unused circuit available for this amount of time. This option governs how long idle circuits are kept open, as well as the amount of time Tor will keep a circuit open to each of the recently used ports. This way when the Tor client is entirely idle, it can expire all of its circuits, and then expire its TLS connections. Note that the actual timeout value is uniformly randomized from the specified value to twice that amount. (Default: 30 minutes; Max: 24 hours)
DormantClientTimeout N minutes|hours|days|weeks
If Tor spends this much time without any client activity, enter a dormant state where automatic circuits are not built, and directory information is not fetched. Does not affect servers or onion services. Must be at least 10 minutes. (Default: 24 hours)
But no further testing is needed given this. And considering your use case,
a user accesses Tor several times daily
You probably should disable it manually, or more wisely, utilize tor’s ‘Dormant Mode’ by reducing the DormantClientTimeout from the default 24 hours.
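To make the two torrc options quoted above concrete, here is an added example (not code from this thread or from the Tor project) that reads a torrc, applies the manual’s semantics (unused circuits expire at a time randomised in [T, 2T]; DormantClientTimeout must be at least 10 minutes, default 24 hours) and reports the resulting idle timeline. The sample torrc is constructed for this example; treating a unitless value as seconds is an assumption about how Tor reads intervals.

```python
"""Work out when an idle Tor client stops generating traffic, from its torrc.
Added example, not code from the thread or the Tor project; it applies the
manual semantics quoted in the thread: unused circuits expire at a time
randomised in [T, 2T], and DormantClientTimeout must be >= 10 minutes."""
import re

UNIT_MINUTES = {"minute": 1, "hour": 60, "day": 1440, "week": 10080}

def parse_duration(value: str) -> float:
    """'N unit' -> minutes; a bare number is taken as seconds (assumption)."""
    m = re.fullmatch(r"\s*(\d+)\s*([a-z]*?)s?\s*", value.lower())
    if not m:
        raise ValueError(f"bad duration: {value!r}")
    num, unit = int(m.group(1)), m.group(2)
    return num / 60 if not unit else num * UNIT_MINUTES[unit]

def parse_torrc(text: str) -> dict:
    """Return option -> raw value, ignoring comments and blank lines."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, _, val = line.partition(" ")
            opts[key] = val.strip()
    return opts

def idle_profile(torrc: str) -> dict:
    """Idle timeline in minutes, using the manual defaults for absent options."""
    opts = parse_torrc(torrc)
    circ = parse_duration(opts.get("CircuitsAvailableTimeout", "30 minutes"))
    dormant = parse_duration(opts.get("DormantClientTimeout", "24 hours"))
    if dormant < 10:
        raise ValueError("DormantClientTimeout must be at least 10 minutes")
    return {
        # unused circuits (and then TLS connections) expire within this window
        "circuits_expire_min": circ,
        "circuits_expire_max": 2 * circ,
        # after this much idle time no new circuits or directory fetches happen
        "dormant_after": dormant,
        "dormant_on_first_startup": opts.get("DormantOnFirstStartup", "0") == "1",
    }

# Constructed sample torrc with the tightened settings the thread suggests.
SAMPLE_TORRC = """
SocksPort 9159  # the port used for the curl test in the thread
CircuitsAvailableTimeout 30 minutes
DormantClientTimeout 15 minutes
DormantOnFirstStartup 1
"""
```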
I am learning so much, thank you for your help and the references to understand this topic.
Is my understanding right that one or more circuits are kept open for at least 60 minutes (‘twice that amount’) and up to 24 hours? And it is not defined how many of the initially built circuits are kept open. Is that right?
Regarding DormantClientTimeout, from my understanding entering this state means that no further circuits are automatically built (saving bandwidth), but it does not state what happens with the initially built circuits, or am I wrong here?
This leads to other questions: how many circuits are built initially, and when are further circuits built additionally? Do you know if and where this is specified?
Is my understanding right that one or more circuits are kept open for at least 60 minutes (‘twice that amount’) and up to 24 hours?
No, from the specified value (default 30 minutes) up to 60 minutes (‘twice that amount’).
And it is not defined how many of the initially built circuits are kept open. Is that right?
I haven’t found any.
Regarding DormantClientTimeout, from my understanding entering this state means that no further circuits are automatically built (saving bandwidth), but it does not state what happens with the initially built circuits, or am I wrong here?
I suppose ‘all of its circuits’ here includes the initial ones.
...This way when the Tor client is entirely idle, it can expire all of its circuits, and then expire its TLS connections.
This leads to other questions: how many circuits are built initially, and when are further circuits built additionally? Do you know if and where this is specified?
No idea. But you can skip the initial circuit building, see DormantOnFirstStartup.