Bug 4177

Summary: Reduce fingerprinting when using TOR proxy
Product: Claws Mail (GTK 2)
Reporter: George <removed-gdpr>
Component: Other
Assignee: users
Status: NEW
Severity: enhancement
Priority: P3
Version: 3.17.4
Hardware: PC
OS: All

Description George 2019-03-15 13:20:40 UTC
When using a TOR proxy it would be good to have an additional anonymity-enhancing mechanism reducing the possibility of fingerprinting based on "typical connections" (e.g. connecting to the same mail servers, RSS feeds, etc.) through the same TOR identity.

A little research shows that this is possible. The user has to set a ControlPort and use HashedControlPassword or CookieAuthentication, then request a new identity like this:

https://stem.torproject.org/faq.html#how-do-i-request-a-new-identity-from-tor

I have tried the "telnet version" with a short bash script, and it works fine (assuming localhost and ControlPort 9051):

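#!/bin/bash
# Ask for the control-port password without echoing it (-s) and without
# backslash mangling (-r).
read -r -s -p "Tor controller password: " password
echo

# Authenticate to the Tor control port, request a new identity, then disconnect.
cat <<EOF | nc 127.0.0.1 9051
AUTHENTICATE "${password}"
SIGNAL NEWNYM
quit
EOF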

Perhaps a more intelligent approach for implementing similar identity control functionality in CM would be to use the Stem API (https://stem.torproject.org/api/control.html). Then CM can use a new TOR identity/circuit for each separate connection (individual RSS feed, IMAP, POP, NNTP or other connection). Also it may be possible to use parallel TOR circuits (https://tor.stackexchange.com/q/12116) which would help not to impose a big compromise between speed and privacy.

Comment 1 Andrej Kacian 2019-03-15 21:10:02 UTC
A pragmatic solution would be to add a "pre-connection" hook to be fired before an outgoing network connection is made, and have some Tor enthusiast write a plugin to use this hook to do whatever needs doing.

Comment 2 George 2019-03-15 23:29:20 UTC
Perhaps if Claws can call such a pre-connection hook script, then even the short example I shared here will work (with some fine-tuning, e.g. using CookieAuthentication or hard-coding the password).
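
The hook script suggested in Comment 2, switched to CookieAuthentication so that no password is typed or hard-coded, and with Tor's replies checked instead of ignored. This is an added example, not code from the reporter or from Claws Mail; the function names and the cookie-path argument are assumptions, and the host and port are the ones used in the report.

```shell
#!/bin/sh
# Added example: request a new Tor identity using CookieAuthentication.
# Assumed: ControlPort 9051 on 127.0.0.1 (as in the report). The cookie path
# is passed as $1; it is wherever your torrc places the control auth cookie.
# Anyone who can read that file can control Tor, so keep its permissions tight.

# Hex-encode the cookie bytes; AUTHENTICATE takes the cookie as a hex string.
cookie_hex() {
    od -An -v -tx1 "$1" | tr -d ' \n'
}

# Emit the control-port commands, CRLF-terminated.
newnym_commands() {
    printf 'AUTHENTICATE %s\r\n' "$(cookie_hex "$1")"
    printf 'SIGNAL NEWNYM\r\n'
    printf 'QUIT\r\n'
}

# Read Tor's replies on stdin. Succeed only if both AUTHENTICATE and
# SIGNAL NEWNYM were answered with status 250; print anything else to stderr.
check_replies() {
    _cr=$(printf '\r')
    _n=0
    while IFS= read -r _line && [ "$_n" -lt 2 ]; do
        _line=${_line%"$_cr"}          # strip the trailing CR
        case "$_line" in
            "250 "*) _n=$((_n + 1)) ;;
            *) echo "tor control error: $_line" >&2; return 1 ;;
        esac
    done
    [ "$_n" -eq 2 ]
}

# Send the commands and fail the hook if Tor did not accept them.
# Tor may rate-limit NEWNYM, and it only affects connections opened afterwards.
request_newnym() {
    newnym_commands "$1" | nc 127.0.0.1 9051 | check_replies
}

# Run only when a cookie path is given, e.g. from a pre-connection hook.
if [ "$#" -ge 1 ]; then
    request_newnym "$1"
fi
```

A non-zero exit status lets the caller refuse to open the connection when the identity change was not confirmed.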