Tor supports stream isolation, meaning that streams used for separate purposes can be forced to use separate circuits, making it harder for observers to tell whether the streams belong to the same client. Clients can activate this feature by specifying a SOCKS username and password - streams with different SOCKS credentials will be isolated from each other.

Using stream isolation for our hidden service connections may help to prevent Tor relays from learning which hidden service addresses belong to contacts of the same user. That information could be used to help identify the user or her contacts. On a larger scale it might also be used to build an anonymised social graph of hidden service addresses, which could then be deanonymised by comparing it with other social graphs (https://33bits.org/).

However, it's not clear whether stream isolation would prevent this information leak, as Tor may re-use existing circuits for publishing and retrieving hidden service descriptors (see https://gitweb.torproject.org/torspec.git/plain/rend-spec.txt).

Find out:

• Whether stream isolation applies to publishing and retrieving HS descriptors
• Whether stream isolation has a bandwidth cost due to using more circuits