Shared TOR proxy privacy implications

I have a proxy set up on my network which I can route traffic over TOR. I watched this video whch was very helpful understanding the privacy issues : Is TOR Still Anonymous? and How Were People Caught Using TOR? - YouTube

I understand that if you use a user account on TOR then via your normal IP you are compromised, this is not the issue I want clarity on. It is more to do with network traffic at the TOR client level.

I have one machine that is isolated, only ever talks over TOR and internet user accounts are only ever used on that machine so it doesn’t leak (at least from a network / account perspective).

However if there is a “leaky user” somewhere else on the network using the same proxy and therefore TOR client , perhaps facebook, what is the implication? Assuming the proxy itself is not compromised.

Is TOR client traffic / session suitably isolated so the leaky client can never be correlated to my isolated client? Or could traffic going through my TOR client be associated?

If the data goes out the same exit node that just offers correlation data for someone watching.

Thanks, yes, I understood that much, but what determines which exit node(s) it goes out of?
Do you get a given exit node for a connection session (similar to a VPN IP)?
Is it per request and does that offer sufficient protection?

Are there strategies to mitigate the correlation risk?
The obvious one would be run two proxies, one for uber secure machine and one for general traffic.

The TOR system makes the exit node, not you.

But how does the TOR client establish a circuit?
It establishes it once and uses it for a duration for all traffic? that allows for correlation.
If it establishes a session per local IP, MAC, specific request, then correlation isn’t such an issue.

Listen to Secuirty Now Episode #394 & here is an article as well

1 Like

Thanks. So after a bit more reading and in particular this :

“Tor will reuse the same circuit for new TCP streams for 10 minutes, as long as the circuit is working fine. (If the circuit fails, Tor will switch to a new circuit immediately.)”
How often does Tor change its paths? | Tor Project | Support.

it seems it is not safe to share a proxy as even though my client my be secure, if another insecure client connects and logs in to facebook for example, the proxy will reuse the same circuit.

In conclusion I think I need a TOR client/proxy for super secure traffic and another for less secure.

FYI, TOR is for privacy, NOT security.

When I say secure vs insecure, I am referring to the extent to which the client is locked down to try and ensure my privacy …

I have one super locked down client that can only talk to TOR, firewall restricts all traffic in and out, only uses certain applications on it, and I only use logins that are exclusively used over TOR. This is my “secure” terminal.

This isn’t a practical setup as a daily driver or for other network users who might want to use TOR. So my “insecure” client is one where it might leak because it isn’t exclusive to TOR or because someone logs in to their email creating an association.