Tor Browser New Identity differs from restarting Tor Browser in Whonix

I’ve been researching this topic a bit and I’m going to disagree with some things that @Patrick said (!!).


Right. This is a Tor Browser issue. Whonix is not involved here. Shutting down and restarting is specific to Whonix (per HulaHoop’s comment.) Tor Browser has built-in circuit isolation features. A more descriptive title would be “Tor Browser circuit isolation”.


Other than clearing the application-level browser data, I do not know exactly what closing Tor Browser entails. However, the Torbutton New Identity function is well documented here: The Design and Implementation of the Tor Browser [DRAFT]

One thing that New Identity does that closing Tor Browser might not do is this…

After the state is cleared, we then close all remaining HTTP keep-alive connections and then send the NEWNYM signal to the Tor control port to cause a new circuit to be created.

This would explain why IP results differ between closing TB and issuing New Identity.


This is probabilistic evidence so make sure you run the test enough times to be sure. Even with “New Identity”, your IP address might stay the same: tor browser bundle - When I click "New Identity", why do I sometimes end up with the same exit relay? - Tor Stack Exchange


Assuming my edit of your question is what you intended, your web browsing was never (since TBB v4.5a1) limited to a single circuit. There are two ways that your browsing activities are isolated from each other:

1. Over time:
https://stem.torproject.org/faq.html#how-do-i-request-a-new-identity-from-tor

Tor periodically creates new circuits. When a circuit is used it becomes dirty, and after ten minutes new connections will not use it. When all of the connections using an expired circuit are done the circuit is closed.

2. By first-party domain name
Several places in the Whonix wiki (including Tor Browser Essentials) refer to Tor Browser Tab Isolation. AFAICT this is incorrect. Tor Browser should set SOCKS username for a request based on first party domain (#3455) · Issues · Legacy / Trac · GitLab explains that streams are isolated by SOCKSauth and that SOCKS username is a function of the base url first-party domain name. This can be seen by opening an arbitrary number of tabs and browsing to check.torproject.org. All of the tabs will show the same IP address. In order for multiple connections to the same website to use a different circuit, a separate instance of Tor Browser is required.


EDIT: Also of interest to OP, Tor Browser Bundle (TBB) new circuit versus new identity.

2 Likes
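
The two isolation rules and the NEWNYM behaviour described in the post above, as an added example that is not part of the original post and is not Tor or Tor Browser code: a toy Python model in which circuits are keyed by SOCKS username (the first-party domain). The class and function names, the exit names and the uniform exit choice are assumptions made for illustration.

```python
import itertools
import random

MAX_DIRTINESS = 600  # seconds: the "ten minutes" in the FAQ text quoted above

class IsolationModel:
    """Toy model of stream-to-circuit assignment (not Tor's own code)."""

    def __init__(self, exits, seed=0):
        self.exits = list(exits)        # constructed exit names
        self.rng = random.Random(seed)  # uniform pick: an assumption of this model
        self.circuits = {}              # SOCKS username -> circuit
        self.ids = itertools.count(1)

    def attach(self, first_party, now):
        """Return the circuit a new stream for this first-party domain gets."""
        circ = self.circuits.get(first_party)
        if circ is None or now - circ["dirty_since"] >= MAX_DIRTINESS:
            circ = {"id": next(self.ids), "exit": self.rng.choice(self.exits),
                    "dirty_since": now}
            self.circuits[first_party] = circ
        return circ

    def newnym(self):
        """NEWNYM: later streams must not reuse any existing circuit."""
        self.circuits.clear()

def demo():
    m = IsolationModel(["exitA", "exitB", "exitC"], seed=1)
    tab1 = m.attach("torproject.org", now=0)
    tab2 = m.attach("torproject.org", now=5)       # second tab, same site
    other = m.attach("example.com", now=5)         # different first party
    expired = m.attach("torproject.org", now=601)  # circuit dirty > 10 min
    m.newnym()
    fresh = m.attach("torproject.org", now=602)
    return tab1, tab2, other, expired, fresh

def same_exit_rate(trials=300, seed=7):
    """Fraction of NEWNYMs after which the new circuit has the same exit."""
    m = IsolationModel(["exitA", "exitB", "exitC"], seed=seed)
    same = 0
    for t in range(trials):
        before = m.attach("torproject.org", now=t)
        m.newnym()
        same += m.attach("torproject.org", now=t)["exit"] == before["exit"]
    return same / trials

if __name__ == "__main__":
    print([c["id"] for c in demo()], same_exit_rate())
```

With only three exits in the model, a new circuit lands on the previous exit about a third of the time, which is why a single unchanged IP after New Identity says little on its own.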