[T(A)ILS-dev] Iceweasel http.keep-alive

Delete this message

Reply to this message
Author: bertagaz
Date:  
To: tails-dev
Subject: [T(A)ILS-dev] Iceweasel http.keep-alive
Hi,

The LiveCDBestPractices [1] page of Torproject's wiki mentions that
iceweasel has a "network.http.keep-alive" setting in its configuration
that is said to be set to FALSE on this page.

This has to be thought before being implemented in T(A)ILS as there are
pros and cons.

Beginning by cons, disabling this setting would slow down the connections
to AJAX style websites like modern webmails or so.

But having it set to true would make iceweasel having persistent
connections to websites. Persistent connections sounds bad, because it
means a Tor route is maintained to a website for the time of this
connection, which could break the anonymity. It does also break the use of
the "new identity" button, when the user want to use another route to a
given website.

For what I can see in my browsing experience, when I watch the connections
with my own Vidalia, a lot of modern websites use AJAX to link to facebook
or similar, and I end up having persistent connections to that kind of
websites.

Having a look at this option, it seems there is also a
"network.http.keep-alive.timeout" setting, which by default seems to be
set to 5 minutes (I guess, cause my Iceweasel setting has this value, and
I don't remember having modified it).

So maybe an alternative would be to lower this timeout to something like 2
or 3 minutes only. But I'm not sure it would really close the persistent
connections. Usually "timeout" means the time to wait for the other side
to answer before closing the connection. This would require some tests.

Any opinion on this?

bert.


[1]
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/LiveCDBestPractices