Threats to anonymity set at and above the application layer; HTTP headers
freebsd-listen at fabiankeil.de
Sun May 21 14:45:08 UTC 2006
"Ringo Kamens" <2600denver at gmail.com> top posted again:
> On 5/21/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
> > "Ringo Kamens" <2600denver at gmail.com> top posted:
> > > I have a few points to add. For one, if you choose a user-agent that
> > > is a linux build every time you start firefox (as opposed to having it
> > > default) then that could be used as court evidence to say:
> > > Well, I couldn't be xxx because he used a linux browser and I'm
> > > obviously on windows and my user-agent field isn't spoofed.
> > I seriously doubt that any judge will fall for that one.
> Why wouldn't a judge/jury go for that. Let's make this a more real-life
> example. Somebody is murdered and a witness says they saw the suspect in a
> green car. If the suspect doesn't have a green car, it certainly helps his
> case. I see this as no different than any albi. It couldn't have been me
> because I'm not on linux.
That's not a good example. Faking the colour of your car takes a little
bit more effort and knowledge than to modify the User-Agent.
A better example would be a witness seeing a suspect with a hat
and sunglasses. If the suspect later has to defend himself at court,
his equivalent excuse would be: "Look, at the moment I'm wearing
neither a hat nor sunglasses, therefore it wasn't me".
The judge probably knows that getting a hat and sunglasses
(and dumping them after a crime) is quite easy.
If you are in the position to defend yourself, it means
there is already some evidence against you (or you are living
in a regime and nobody cares for your excuses anyway).
Not wearing a hat and sunglasses right now,
will not let them disappear.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: not available
More information about the tor-talk