NEWNYM can be removed from CPFP


ID: 525
PHID: PHID-TASK-7hknz7kkmfivfl5trjvw
Author: HulaHoop
Status at Migration Time: invalid
Priority at Migration Time: Normal


Recent changes to Torbutton make NEWNYM whitelisting in CPFP no longer necessary. Its good to remove rules that are no longer relevant to tighten the filter. Yawning confirms no other Tor software makes use of this command besides TBB which doesn’t need controlport access for it.

(Needs to be tested to confirm first)


  • Disable CPFP
  • Visit check.tpo
  • New identity
  • Re-visit check.tpo to confirm IP change


Assuming Tor Browser works as advertised, the only reason it needs control port access for this sort of use case is the circuit display (as of torbutton commit 36d849291ec0b20a58cccc2cd846fcd2540c9bbe, sending NEWNYM should be unnecessary if domain isolation is applied to everything).



2016-07-22 12:44:40 UTC