Browser dos/don'ts ( was Re: Incognito Live CD using Polipo)
Ben Wilhelm
zorba-tor at pavlovian.net
Sat Oct 13 13:07:24 UTC 2007
TOR Admin (gpfTOR1) wrote:
> Robert Hogan schrieb:
>> Do:
>> Spoof user-agent (is this necessary even with javascript disabled?) (browser)
>
> I think, it is nessecary. Do this job in browser, because no proxy can
> do it for SSL-encrypted stuff. And change the fake time by time.
I disagree. Don't do anything that makes you stand out. That includes
changing to a multitude of fake user-agents.
Pick the most common user-agent and use it. That's probably whatever the
latest version of Firefox returns. (I'm assuming Tor traffic is
firefox-heavy - I may be wrong on this. IE6 or IE7 may be a better
choice. Remember, they can tell you're probably coming from Tor, so you
want to blend in with average Tor traffic.) Then only change it if the
"most popular browser" changes.
That way you blend in with the herd. It's easy to track the guy who's
using Bob's Krazy Web Browzur one day, and xXxDeAtHxXx the next day, and
"lol ive got a new useragent today" after that. It's not so easy to
track one guy out of ten thousand using Firefox.
-Ben
More information about the tor-talk
mailing list