[tor-dev] Proposal: HTTP header distinguish TBB users
Virgil Griffith
i at virgil.gr
Sat Oct 3 12:34:55 UTC 2015
> Are we still trying to hide TBB users in the Mozilla browser crowd?
My understanding of this, because we make the exit relays public, that the
answer is "no". Correct me if I'm wrong.
> Are we making it even easier to identify and block TBB users?
Mildly so. But if an operator wants to block TBB users they don't need to
have much trouble using ExitRelay list or the MaxMind anonymous proxy list.
For what it's worth we had a similar discussion in tor2web over whether to
add the "x-tor2web" request header. We eventually decided to add it.
-V
On Sat, Oct 3, 2015 at 2:13 PM Tim Wilson-Brown - teor <teor2345 at gmail.com>
wrote:
>
> On 3 Oct 2015, at 14:10, Virgil Griffith <i at virgil.gr> wrote:
>
> (2) If we (Tor Project) is going to ask MaxMind to do something special to
> distinguish TBB users, it seems reasonable we should make the same effort.
> I know in the past it's been proposed for TBB to include a special HTTP
> header, e.g.,
>
> Tor-Browser-Bundle: true
>
> to distinguish TBB users. If this header existed, I could detect it at
> the CDN-level and do the appropriate redirect. Alternatively, We could do
> something equivalent with the "Via": HTTP header, but that seems overkill.
>
> Between these two options, I personally opt for (2) because it seems
> inappropriate to request MaxMind to help us do X when we have not done what
> we can do to achieve X.
>
> Q: Does anyone (especially Mike Perry) have any objections to (2)? If
> not, I will write the proposal.
>
>
> I think this kind of tagging has security implications, but I’m not sure
> what the tradeoffs are.
>
> Are we still trying to hide TBB users in the Mozilla browser crowd?
> Are we making it even easier to identify and block TBB users?
>
> Tim
>
> Tim Wilson-Brown (teor)
>
> teor2345 at gmail dot com
> PGP 968F094B
>
> teor at blah dot im
> OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20151003/a3ea5337/attachment-0001.html>
More information about the tor-dev
mailing list