[tor-dev] Proposal: HTTP header distinguish TBB users

Carlin Bingham cb at viennan.net
Sat Oct 3 14:40:25 UTC 2015


On Sun, 4 Oct 2015, at 01:13 AM, Tim Wilson-Brown - teor wrote:
> 
>> On 3 Oct 2015, at 14:10, Virgil Griffith <i at virgil.gr> wrote:
>> 
>> (2) If we (Tor Project) is going to ask MaxMind to do something special to distinguish TBB users, it seems reasonable we should make the same effort.  I know in the past it's been proposed for TBB to include a special HTTP header, e.g.,
>> 
>> Tor-Browser-Bundle: true
>> 
>> to distinguish TBB users.  If this header existed, I could detect it at the CDN-level and do the appropriate redirect.  Alternatively, We could do something equivalent with the "Via": HTTP header, but that seems overkill.
>> 
>> Between these two options, I personally opt for (2) because it seems inappropriate to request MaxMind to help us do X when we have not done what we can do to achieve X.
>> 
>> Q: Does anyone (especially Mike Perry) have any objections to (2)?  If not, I will write the proposal.
> 
> I think this kind of tagging has security implications, but I’m not sure what the tradeoffs are.
> 
> Are we still trying to hide TBB users in the Mozilla browser crowd?
> Are we making it even easier to identify and block TBB users?

If any sites do start blocking users based on the header (and not also based on IP) it will push people into using a non-TBB browser to access Tor.


--
Carlin


More information about the tor-dev mailing list