Different IPs at the same time for the same tor process?

Hi guys, i am new to the board! I was really surprised the other day that when I start tor browser and use the socks port as a proxy in another browser the IPs seem to be different. I thought that one tor process always has one endpoint that it is connected to at the same time but Tor Browser seems to use the Tor Process differently than other browsers (even the firefox version it has been built on). I even wrote a test script in python (even replicating the user agent and other request headers) and - received another IP while connecting via the same socks port of the tor process started by the Tor Browser. Can anybody please explain why this is? This totally disrupts my understanding of how tor circuit building and the tor process work in general. Would love to learn why this is.

You can find out more about stream isolation from some projects that use Tor like:
https://tails.boum.org/contribute/design/stream_isolation/
https://www.whonix.org/wiki/Stream_Isolation/

1 Like

Thanks a lot for sharing this with me. This absolutely makes sense from a security stand point! The thing that surprises me though is the following:

The following graphic illustrates the difference of using Tor SocksPort’s compared to using Tor’s TransPort. Using a dedicated Tor SocksPort’s per application results in taking different routes through the Tor network per application. Not necessarily all Tor relays (first, second, third) get replaced by Tor. Sometimes just the first, sometimes just the second, sometimes just the third, and sometimes multiple Tor relays in the Tor circuit change.

Maybe I am reading this wrong, but if i use the same socksport as the tor browser, the IP should be the same, right? How would the port know what application uses it, especially if a script does basically the sames thing as the browser. Or maybe I am wrong about the socks port that the browser uses when using the underlying tor process. I still do not understand this detail although the link you provided was really helpful

I made a mistake in my previous post. The second link should be:

No trailing slash.

It is my understanding that by default the Tor Browser does not use the Socks port (by default 9150) of the Tor instance it launches/controls, so you won’t get the same IP.

1 Like

Okay, this was my assumption as this was what i found on the internet. Which socks port does it use then? is it randomized? Does anybody know :slight_smile: ?

Well, apparently, I was wrong… again.

After performing some quick tests, it seems that the “Tor Browser” connects to the usual 9150 port but creates different circuits for different URLs. The same stream isolation policy does not apply to external applications that connect to the same 9150 port - they all share the same circuit (default torrc).

As for how the Tor browser implements a different isolation functionality using the same port, there are some hints in the documentation at chapter 4.5:
https://2019.www.torproject.org/projects/torbrowser/design/#identifier-linkability
although some things are now quite outdated.

1 Like

This is a very complicated topic. I have checked the port as well and wanted to get back to you. The different circuits are not based on the domain. I did the following: I opened Tor Browser and used a simple service that just returns my IP as json. Then I used a python script that would make use of the underlying tor process of tor browser and the socket used (I just looked into the tor browser logs). What surprised me: Even If I send the exact same request to the same domain (also compared all headers, etc.) i was receiving a different result for the IP. It looks like Tor Browser is “isolating itself” by providing additional information to the tor process. How else would this work. The process seems to “know” the application using the socket port. Still wondering how that works exactly but I feel that this is a feature, not a bug.

1 Like

It is mentioned in the previous link, and you can see it used here for example:
https://gitlab-dev.torproject.org/tpo/applications/torbutton/-/blob/master/components/domain-isolator.js

At the cost of resources consumption, I usually like to use separate Tor instances for different purposes or, at least, use different socks ports, but never reuse the Tor instance of the Tor Browser.

I hope when the new documentation is out, the topic of stream isolation will get the visibility it deserves.