Threats to anonymity set at and above the application layer; HTTP headers
Nick Mathewson
nickm at freehaven.net
Sun May 21 19:17:01 UTC 2006
On Sat, May 20, 2006 at 02:37:39PM -0400, Ringo Kamens wrote:
> I have a few points to add. For one, if you choose a user-agent that
> is a linux build every time you start firefox (as opposed to having it
> default) then that could be used as court evidence to say:
> Well, I couldn't be xxx because he used a linux browser and I'm
> obviously on windows and my user-agent field isn't spoofed.
I'm not a lawyer, so I'm not going to comment on your legal theories.
But from a technical anonymity perspective, choosing an unusual user
agent probably isn't a good idea: if 100K Tor users appear to be using
user agent X, and you use a less popular user agent Y, it's easier for
websites and observers to build a pseudonymous profile for your actions.
This is why I'd really like this discussion to arrive at an improved
privoxy configuration to ship with Tor: even if you, personally, know
a better configuration than the default, you might still be better off
using the default configuration in order to blend in with a larger
crowd.
See the "Anonymity loves company" paper for more discussion.
yrs,
--
Nick Mathewson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 654 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060521/d3b4dcd5/attachment.pgp>
More information about the tor-talk
mailing list