[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Browser dos/don'ts ( was Re: Incognito Live CD using Polipo)

TOR Admin (gpfTOR1) wrote:
Robert Hogan schrieb:
Spoof user-agent (is this necessary even with javascript disabled?) (browser)

I think, it is nessecary. Do this job in browser, because no proxy can
do it for SSL-encrypted stuff. And change the fake time by time.

I disagree. Don't do anything that makes you stand out. That includes changing to a multitude of fake user-agents.

Pick the most common user-agent and use it. That's probably whatever the latest version of Firefox returns. (I'm assuming Tor traffic is firefox-heavy - I may be wrong on this. IE6 or IE7 may be a better choice. Remember, they can tell you're probably coming from Tor, so you want to blend in with average Tor traffic.) Then only change it if the "most popular browser" changes.

That way you blend in with the herd. It's easy to track the guy who's using Bob's Krazy Web Browzur one day, and xXxDeAtHxXx the next day, and "lol ive got a new useragent today" after that. It's not so easy to track one guy out of ten thousand using Firefox.