Why wouldn't a judge/jury go for that. Let's make this a more real-life example. Somebody is murdered and a witness says they saw the suspect in a green car. If the suspect doesn't have a green car, it certainly helps his case. I see this as no different than any albi. It couldn't have been me because I'm not on linux.
<br><br>
<div><span class="gmail_quote">On 5/21/06, <b class="gmail_sendername">Fabian Keil</b> <<a href="mailto:freebsd-listen@fabiankeil.de">freebsd-listen@fabiankeil.de</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">"Ringo Kamens" <<a href="mailto:2600denver@gmail.com">2600denver@gmail.com</a>> top posted:
<br><br>> On 5/20/06, Fabian Keil <<a href="mailto:freebsd-listen@fabiankeil.de">freebsd-listen@fabiankeil.de</a>> wrote:<br>> > Kai Raven <<a href="mailto:kairaven@arcor.de">kairaven@arcor.de</a>> wrote:
<br>> ><br>> > > On 20.05.2006/09:13, you wrote:<br>> > ><br>> > > > I think a low-hanging target is the uniqueness of HTTP headers sent<br>> > > > by particular users of HTTP and HTTPS over Tor. Accept-Language,
<br>> > > > User-Agent, and a few browser-specific features are likely to reveal<br>> > > > locale and OS and browser version -- sometimes relatively uniquely,<br>> > > > as when someone uses a Linux distribution that ships with a highly
<br>> > > > specific build of Firefox -- and this combination may serve to make<br>> > > > people linkable or distinguishable in particular contexts.<br>> > ><br>> > > For this reasons i have changed the Accept-Language and User-Agent
<br>> > > header, but only for the locale.<br>> ><br>> > I use a generated Firefox User-Agent string which is rebuild<br>> > every few minutes by <<a href="http://www.fabiankeil.de/sourcecode/uagen.pl">
http://www.fabiankeil.de/sourcecode/uagen.pl</a>>.<br>> ><br>> > While I don't blend in with the Windows using crowd, the User-Agent<br>> > is different for each website visit and therefore can't be used to
<br>> > track my visits.<br>> ><br>> > The website owner might notice that I don't surf<br>> > with a windows box, that I use Tor and probably Privoxy,<br>> > block cookies and don't execute his code, but I can live
<br>> > with that and it's not enough information for a unique<br>> > fingerprint.<br><br>> I have a few points to add. For one, if you choose a user-agent that<br>> is a linux build every time you start firefox (as opposed to having it
<br>> default) then that could be used as court evidence to say:<br>> Well, I couldn't be xxx because he used a linux browser and I'm<br>> obviously on windows and my user-agent field isn't spoofed.<br><br>I seriously doubt that any judge will fall for that one.
<br><br>> As far as referrers goes, you can either use referrer blocking or<br>> spoofing (Always make the referrer the root of the site) and blend in<br>> with the crowd well.<br><br>Blocking all referrers or to rewrite them all to
<br>the root web site is the easiest way _not_ to blend in<br>with the crowd. The referrer will be invalid most<br>of the time!<br><br>It's also not necessary: if you haven't changed<br>the host, your referrer doesn't give away any information
<br>the web site owner couldn't gain by checking the server log.<br><br>It is sufficient to only block the referrer if the host has<br>changed. Not only that, it is also harder to detect, a web site<br>change looks as if the user followed a bookmark or typed/pasted
<br>in the address herself; the following requests are all valid.<br><br>Conditional blocking can only be detected if the web site is spread<br>over several hosts, but that's the only case where it isn't superior<br>to root site faking or generic blocking (which both would be detected
<br>as well).<br><br>Fabian<br>--<br><a href="http://www.fabiankeil.de/">http://www.fabiankeil.de/</a><br><br><br></blockquote></div><br>