Threats to anonymity set at and above the application layer; HTTP headers

Fabian Keil freebsd-listen at
Sun May 21 14:45:08 UTC 2006

"Ringo Kamens" <2600denver at> top posted again:
> On 5/21/06, Fabian Keil <freebsd-listen at> wrote:
> >
> > "Ringo Kamens" <2600denver at> top posted:

> > > I have a few points to add. For one, if you choose a user-agent that
> > > is a linux build every time you start firefox (as opposed to having it
> > > default) then that could be used as court evidence to say:
> > > Well, I couldn't be xxx because he used a linux browser and I'm
> > > obviously on windows and my user-agent field isn't spoofed.
> >
> > I seriously doubt that any judge will fall for that one.

> Why wouldn't a judge/jury go for that. Let's make this a more real-life
> example. Somebody is murdered and a witness says they saw the suspect in a
> green car. If the suspect doesn't have a green car, it certainly helps his
> case. I see this as no different than any albi. It couldn't have been me
> because I'm not on linux.

That's not a good example. Faking the colour of your car takes a little
bit more effort and knowledge than to modify the User-Agent.

A better example would be a witness seeing a suspect with a hat
and sunglasses. If the suspect later has to defend himself at court,
his equivalent excuse would be: "Look, at the moment I'm wearing
neither a hat nor sunglasses, therefore it wasn't me".

The judge probably knows that getting a hat and sunglasses
(and dumping them after a crime) is quite easy.

If you are in the position to defend yourself, it means
there is already some evidence against you (or you are living
in a regime and nobody cares for your excuses anyway).

Not wearing a hat and sunglasses right now,
will not let them disappear.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <>

More information about the tor-talk mailing list