On Thu, Aug 20, 2015 at 02:41:51PM +0000, Yawning Angel wrote:
What would be useful here is the number of onion addresses an average user visits. If it's small, something like this would probably be sufficient:
Browser generates/stores a long term salt.
On onion access, calculate SHAKE(salt | onion address) map that to a poker hand (5 card draw).
P(52,5) = 311,875,200 C(52,5) = 2,598,960
Goto 1.
The per-browser salt is a good way to prevent similar-hash attacks, but of course will go astray if the user reinstalls her Tor Browser or has multiple devices.
I'd caution about the poker hand, though. One year when I taught first-year undergraduate CS, we included an assignment that had to do with decks of cards and card games. A surprising number of people had never seen decks of cards before, and were unfamiliar with the concept. I did not observe whether the (un)familiarity was correlated with what part of the world they came from.
Perhaps a notification "You've never visited this site before" that pushes down from the top like some other notifications might go a long way?