Hi there, thanks for your idea. Please find my comments below: On Apr 4, 2008, at 10:40 AM, lxixnxenoise@xxxxxxxxxxx wrote:
I would like to propose an idea to the Tor community, in the hope thatsomeone with the coding skills could pick up on it and run with it to makeit a reality. The idea is a simple one, I call it: Tor User Agent Carousel (TUAC) - What is Tor User Agent Carousel? (TUAC)It's an idea I'm proposing as a feature to be added to Tor Button, Tork, Vidalia, or perhaps just a plugin for Firefox. It would allow the Tor user to configure when their browser's user agent changes and how often, either by randomly timed (role of the dice sort of time period) intervals or a user defined set time (week,day,hour,seconds,etc.). TUAC would read the user agents from a text file containing a list of user agents which the user may add to with their own custom strings at any time. The rotation of the user agent would be at random every time, or perhaps there could be an additional choice for the user to select between several user agents (from within the text file containing a list of user agents) to rotate betweenin addition to the random feature.
This has actually been asked for before. Please see https://www.torproject.org/volunteer.html #Research, #11.
About the implementation: This has nothing to do with Vidalia or TorK, as both programs work with Tor preferences, but not with your everyday webbrowsing. It also doesn't belong with Tor, because Tor is protocol- agnostic, which means that we don't inspect traffic to change http- headers (also, this wouldn't work for https-connections). So really, if such a feature were to be implemented, the right place would in fact be Torbutton or privoxy or some other proxy.
- Isn't there already a plugin for changing the browser's user agent? Can't Privoxy also do this? Yes and yes, but these are operations the user must *manually* perform each time they wish to change the user agent. In my searching on theinternet I've found no plugin or program which allows Firefox (or otherbrowsers) to rotate the user agent randomly and/or according to a setpattern of time. This is why the image of a carousel came to me, with the rotation of animals being symbolic of the user agent rotation I believetor users should have.
You believe they should have that option, but does it help or hurt anonymity? I do think it hurts, more below (also, this ist just what *I* think, without any proof!)
Please note that in most cases it is trivial to detect whether traffic comes through the Tor-network or not. So, if you use the standard user agent provided by Torbutton, you can be identified to be "someone who uses Tor and Torbutton between version x and y" (those two versions are the versions that set that specific user agent). So when you change the reported user agent frequently, does that mean that your anonymity gets better? No, it doesn't! Now, you're a user who uses Tor and Torbutton and also uses the user agent toggling script - a lot less people are going to use that, until the new version is widely adopted, which takes time. Also, when the user agent changes on a website that you logged onto, they are going to link the two. Again, the above is just what I think of the problem, nothing based on research!
- Couldn't this be just a browser plugin rather than an addition to a Tor-specific program? Sure, like many of the Firefox plugins, I'm sure it would be a great addition, even for the non-Tor users. However, I believe it would beespecially useful for Tor users, so I'm suggesting it here, as not all of us use Firefox for Tor, so could this feature be added to another programfor Tor users regardless of browser? For Privoxy users, the UA can be changed manually within one of the configuration files, but this meansPrivoxy must be restarted for the change to be honored. Is there some wayaround this, or could this just be done without touching Privoxy? What about other programs used by Tor users, Tork? Vidalia? Polipo? Others?
See above why there are only two choices, really onle a browser plugin as it should work with https-traffic as well.
[snip] Thank you for your consideration
I hope I have given you something to think about, and maybe, when some research shows it is worthwhile, it will be implemented in Torbutton - but someone has to sort out the facts, first
Description: This is a digitally signed message part