Torbutton: a.User Agent, b.Cookies Management

grarpamp grarpamp at gmail.com
Mon Dec 21 07:14:06 UTC 2009


>  When googling for Torbutton's UA, the results are uncommon

You need to post the UA you're talking about and their sources.

For reference, as of today, some current UA's via tcpdump are:

MSIE xp pro sp0 -> sp2 -> sp3 + all available windows updates
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET
CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR
3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

FF_WIN as above
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6)
Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)

FF_FBSD 8-STABLE
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.1.6) Gecko/20091218
Firefox/3.5.6

> using an outdated Fire-fox string should be frowned upon.

Agreed. But consideration needs given to the realworld
percentage of strings in use. It's not 100% all current releases
out there but some delay factor. Though that could warrant
keeping up anyways as torbutton will age too.

>  whether or not the "rv" and "gecko" bits to the UA string
>  should be disposed of for Torbutton use.

No. You want the actual strings in use by real systems as above. Not
some mangled standout. Though the null string has interesting
properties for possibly futzing up a site's log parsing.

>  Not every tor user uses Torbutton

It's certainly not necessary to use it.

> option of personal customization of the UA string and a few default
--
> use another browser extension for changing the UA

Not necessary due to built in browser config options.
tmtowtdi.

>  b. Cookies Management

I'd rather get back the FF ctrl-shift-delete and boom, state is
gone with a little drive light/noise as confirmation.
Now it pops up an annoying mandantory ack dialog that I
can't option out without editing the source :(
If I wanted cookies disabled, there's a config for that.

I'd kill for a tiny bottom right status bar light / keystroke toggle
for disable/enable: cookies, java, javacript

And I am taking suggestions on an extension that will allow me
to do all of:
- Force any given cookie to always have the same user or site set
value, ignoring any new values set by the site.
- Prevent any given cookie from being set in the browser in
the first place.
- Allow any given cookie to be set in the browser [for observation]
but not sent to the site.
- Save and restore given cookies to disk regardless of site set
expiration or session only values.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list