[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Polipo web proxy

On Wed, Aug 23, 2006 at 03:02:48AM +0200, Juliusz Chroboczek wrote:
> > 6) Polipo writes your hostname in every request. Either define proxyName
> > to something else, or set [d]isableVia = true in your config file.
> This cannot be stressed enough.  Unfortunately, use of Via is a MUST
> according to RFC 2616 (it's not completely useless -- Polipo uses it
> to detect proxy loops).

If you're talking about section 14.45 of RFC 2616
then it doesn't seem to require any uniqueness. (This is good, since
Polipo adds a "Via: 1.1 localhost.localdomain" header for my browsing,
and I'd guess I'm not the only one of those out there. :)

So if you want to follow the RFC, would it be adequate to use the
pseudonym "polipo" in each case?

> Hmm, I guess I could have Polipo choose a random name on each startup
> -- that would satisfy both RFC 2616 and the privacy-conscious.

This approach is dangerous because it lets websites track Tor users by
this unique ID. This is exactly what we'd like to avoid: each Tor user
is recognizable later on, based on having the same name, even if he has
changed to a new exit node. A more subtle example of this attack would
happen if you decided to list the version of Polipo in the Via header --
then websites could narrow down which hits aren't from the same user.

So the two solutions that come to mind are to use a brand new random
string for every page, or to pick a string that everybody uses. The
latter approach seems less prone to error.

Hope this helps,