Kernel Level Tor Isolation

1

Tor has released Oniux for any Linux app to use Tor network isolation and prevent leaks at the kernel level. It offers many advantages over torsocks, so maybe this is a development worth following and thinking about as Delta Chat improves its Tor support.

I haven’t heard much about the state of Tor support in Delta Chat recently and I don’t know what the current state is, but I assume that the developers are quietly improving Tor support in core. It would be great to one day see Tor support built directly into Delta Chat as well as circuit isolation for each profile!

Related:

Multiple accounts in Delta Chat over Tor Necessitates Delta Chat Ensuring Tor Circuit Isolation

3 Likes
2

I use it on TAILS OS without issue after you change the proxy to SOCKS5.

But this sounds very promising, along with talk The TOR Project are re-writing it in RUST to solve the single channel bottleneck.

1 Like
3

Many Tor users don’t use stream (curcuit) isolation at all.
Not every mail client have support for it, but Delta Chat apps have it, so it would be a shame not to use it.

For using Tor stream isolation in current versions of DC apps, set proxy URL in form of socks5://user:pass@127.0.0.1:9050 for each mailbox account.
IP address and port (127.0.0.1:9050 in my example) may be different on your system, but usually should be the same for all your accounts on that system.
user:pass may be almost any string with : somwhere in the middle, unique for each mail account.

Example:

  • socks5://a:01@127.0.0.1:9050 - account #1, work chats
  • socks5://a:02@127.0.0.1:9050 - account #2, family chats
  • socks5://a:03@127.0.0.1:9050 - account #3, chat with very secret soulmate
    and so on.

How it works: Tor router’s SOCKS5 proxy will not actually check those user:password pairs against some database; it will use it in hashed form as a tag for marking routes that it builds through Tor network. In ideal conditions, every such tag will get it’s own route end exit node, so it will be more difficult to tie your mail accounts together.

For further reading I leave here old link from my bookmarks, but I’m sure there are better explanations available.

3 Likes
4

If Delta Chat now officially supports stream isolation in all its apps, this particular feature must have been released quietly, because I don’t remember reading about this. Is the feature officially supported now in all platforms? It would be great to see the devs acknowledge and promoted this more if this is the case!

5

It’s Tor feature. Any app connecting to Tor’ SOCKS proxy may use it by sending unique login/password combination to proxy.

BTW isolation not 100% guaranteed. Do your own research.

2 Likes