Threats to anonymity set at and above the application layer; HTTP headers
Seth David Schoen
schoen at eff.org
Mon May 22 02:39:52 UTC 2006
Nick Mathewson writes:
> But from a technical anonymity perspective, choosing an unusual user
> agent probably isn't a good idea: if 100K Tor users appear to be using
> user agent X, and you use a less popular user agent Y, it's easier for
> websites and observers to build a pseudonymous profile for your actions.
> This is why I'd really like this discussion to arrive at an improved
> privoxy configuration to ship with Tor: even if you, personally, know
> a better configuration than the default, you might still be better off
> using the default configuration in order to blend in with a larger
> See the "Anonymity loves company" paper for more discussion.
That is the kind of idea that I have in mind. If we assume that all
web sites can tell which connections are from Tor users (for example,
by consulting a blacklist of Tor exit node IP addresses), then Tor
users can't increase the size of the anonymity set by using different
user-agent (etc.) from other Tor users.
I suppose I'm assuming that Tor users would like to increase the size
of the anonymity set in order to get better anonymity. It's true that
there are cases in which they might not like to do this, for example
if they simply want to hide their physical location without hiding
their identity (e.g. in cases of domestic abuse). In that sense, there
may be more than one definition of anonymity set.
It is also true that Tor users who are afraid of being accused of being
responsible for other Tor users' activities might want to do things that
they believe would let them make the case that they were _not_ a
particular oher user. Do we need to discuss how common these different
motives are among different Tor users?
Staff Technologist schoen at eff.org
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
More information about the tor-talk