Threats to anonymity set at and above the application layer; HTTP headers

Kai Raven kairaven at arcor.de
Sat May 20 08:12:37 UTC 2006


Hi Seth,

On 20.05.2006/09:13, you wrote:

> I think a low-hanging target is the uniqueness of HTTP headers sent 
> by particular users of HTTP and HTTPS over Tor.  Accept-Language, 
> User-Agent, and a few browser-specific features are likely to reveal
>  locale and OS and browser version -- sometimes relatively uniquely,
>  as when someone uses a Linux distribution that ships with a highly 
> specific build of Firefox -- and this combination may serve to make 
> people linkable or distinguishable in particular contexts.

For this reasons i have changed the Accept-Language and User-Agent
header, but only for the locale. But
for OS, browser version (User-Agent) i'm often reading, that it is
necessary to fake the informations with the User-Agent header for
anonymity purposes. Imo the opposite is true. I'm sharing the same OS
and OS version, the same browser version with a lot of people, who have
installed the same.

I think, i have my headers (according to e. g.
http://en.wikipedia.org/wiki/User_agent and using the German Firefox
version):
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3
HTTP_ACCEPT_LANGUAGE=en-us,en;q=0.5
in common with a crowd of other "normal" users. Or with Linux - ok,
distributions have their specific builds of Firefox, but all or a lot of
users are using this build too, so i can hide myself in this crowd, if
the number of people is large enough. At the same time, i'm hiding, that
i'm a user from Germany.
Using a header like
HTTP_USER_AGENT: Mozilla/5.0 (Windows; U; en-US) Firefox
i would "tag" myself.
Or i'm wrong? Perhaps, i'm too optimistic, that users are using always
an actual browser version, when i'm looking at the date and version field.

> Privoxy does _not_, depending on its configuration, necessarily 
> remove or rewrite all of the potentially relevant HTTP protocol 
> headers.  Worse, different Privoxy configurations may actually 
> introduce _new_ headers or behaviors that further serve to 
> differentiate users from one another.

Ack. For this reasons, i have deactivated all functions for script,
cookie or ad filtering and header manipulation by simply commenting the
actionsfile options in the main configuration file.

# actionsfile standard  # Internal purpose, recommended
# actionsfile default   # Main actions file
# actionsfile user      # User customizations

So, Privoxy is only used as a wrapper for Tor (i don't like the Firefox
builtin socks_remote_dns function ) and i can only see, that Privoxy adds

May 20 08:29:14 Privoxy(02960) Header: addh-unique: Host: www.eff.org
May 20 08:29:14 Privoxy(01136) Header: addh: X-Forwarded-For: 127.0.0.1

For the handling of cookies, ads and scripts, i'm using Adblock,
NoScript, CookieButton and CookieCuller. Ok, that is difficult or
unusable in a networked environment with the need of centralized proxy
and client management.

> A remedy for this would be to try to create a standardized Privoxy 
> configuration and set of browser headers, and then try to convince as
>  many Tor users as possible to use that particular configuration. 
> (One way to do this is to try to convince everyone who makes a 
> Tor+Privoxy distribution or product to use the agreed-upon default 
> configuration.) The goal is not to prevent people from controlling 
> their own Privoxy configurations or doing more things to protect 
> their privacy; rather, it is to try to reduce the variety in headers
>  and behaviors seen by web servers contacted by Tor users on
> different platforms.

See above...couldn't default configurations and standardized browsers
/ proxys, used only by Tor & Privoxy users, reveal Tor users more easily,
if not used by all users?
I think, a Privoxy version with deactivated actions (or a simple, free
and secure socks_wrapper as a replacement for Privoxy) and a database with
User-Agent and Accept-Language headers (more relevant headers?) of
all browsers in all languages, as shipped by the OS or browser vendor
together with a short explanation, how to switch them permanently
(about:config, useragent...) or temporary with Extensions like User
Agent Switcher or PrefBar would be more useful.

-- 
Ciao
Kai

Homepage: http://kai.iks-jena.de/
Weblog: http://rabe.supersized.org/
OpenPGP: D6E995A0
Jabber: kraven at jabber.ccc.de





More information about the tor-talk mailing list