[Enhancement] make use of stream circuit Isolation in Orbot mode 🧅

[4-FLOSS-Free-Libre-Open-Source-Software]

Make use of tor/orbots stream circuit Isolating, by using dynamic socks5 username&password authentication for where it makes privacy Enhancement.

For now, if you visit embedded YouTube in browser and open YouTube app, both may share a circuit while you could have used different logins each and get tracked with same ip.
Suggested, isolate on a per app basis. May easily just use app package name as unique socks5 username and tor will never put streams from different apps together again. Alternatively authenticate with uuid. Also it could benefit from KeepAliveIsolateSOCKSAuth

I'm aware, rethinkdns allows setting a permanent socks5 username&password authentication manually in the settings. But that's not useful for the idea here.

[ignoramous]

Thanks. Would you know Orbot has an API for this?

[4-FLOSS-Free-Libre-Open-Source-Software]

Orbot has an API for this?

It is not needed? All can be done by the present implementation of socks5 authentication in rethinkDNS.

For enabling the setting KeepAliveIsolateSOCKSAuth SocksPort flag, the control Port can be used. But this is not required for this issue.

Only this already present authentication settings need a different per app socks5 username to be used automatically.
Example:
com.celzero.bravedns

The level of isolation may need to be discussed.

Tor browser does it by default per hostname. If this is the wanted result to be matched. But to not mix destination of two apps for same destination. As two different apps could try to connect Google-Analytics.com, we want to isolate circuit use for both separate from each other to prevent linkage.
For example the socks5 username could look like:

1. com.celzero.bravedns_rethinkdns.com
2. org.mozilla.fenix_rethinkdns.com

I have used app package names and destination's for identifier. Both should be actually known to rethink DNS anyway while connection decision of forwarding is done?

[ignoramous]

Thanks for the detailed explanation. Both, per-http-hostname scheme and per-app scheme are implementable.

[4-FLOSS-Free-Libre-Open-Source-Software]

Orbot settings allow user to already set the IsolateDestAddr socksport flag.

IsolateDestAddr

Don’t share circuits with streams targeting a different destination address.

Tor browser does it based on hostname, not Addr. It uses the per-hostname scheme
This is not exacly the same. Since one Hostname can have multiple IP Addr:

rethinkdns.com → 104.21.13.53
               → 172.67.154.200
               → 2606:4700:3032::6815:d35
               → 2606:4700:3036::ac43:9ac8

Orbot is currently missing the per-app scheme.