[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Proposal: Tor User Agent Carousel (TUAC)

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Proposal: Tor User Agent Carousel (TUAC)
From: Sebastian Hahn <hahn.seb@xxxxxx>
Date: Fri, 4 Apr 2008 11:31:09 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 04 Apr 2008 05:31:52 -0400
In-reply-to: <18997.66.230.230.230.1207300579.squirrel@xxxxxxxxxxx>
References: <13457.80.67.172.19.1207298412.squirrel@xxxxxxxxxxx> <51DD9891-4ADF-4448-99EA-1359E51F38ED@xxxxxx> <18997.66.230.230.230.1207300579.squirrel@xxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx


On Apr 4, 2008, at 11:16 AM, lxixnxenoise@xxxxxxxxxxx wrote:

Hi, thank you for the reply!
"Also, when the user agent changes on a website that you loggedonto, they
are going to link the two"
This is a good point, if the rotation occurs during the period oflogin,
but one may choose a longer period between rotations, this still not
solving anything though if the user is logged in somewhere. If theuser islogging in somewhere, though, are the maintaining a static identity?Ifso, why? Would this not be a defeat in and of itself over a longperiod of
time, regardless of UA?
Aside from this, would they not link more from the browser than UA?So wehave two groups if we look at this simply, as a lot of tor usersseem to
like using the popular Windows UA:

Group 1: The real Windows users with the UA, most plugins enabled by
default, flash, javascript, etc.

Group 2: The tor users with the common Windows UA, most or all plugins
disabled
So group one is Charlie Brown in the standard t-shirt which neverchanges,and group two is Charlie Brown in the same t-shirt but with afootball in
his hands, the disabled plugins standing out.

So in addition to the TUAC idea (which, despite my naming of it, you
mentioned has already been suggested, which doesn't surprise me) Ipropose
this:

A way to safely spoof (without a negative result to either end) to the
websites that you have plugins enabled, java, javascript, Flash, andallof the rest, but somehow negating the incoming trasmission of saidcontentby passing it into some type of virtual shredder, some type of /dev/nullapproach. In this way Charlie Brown would not be holding thefootball in
being fingerprinted so easily.

Thank you for your other useful comments, I have removed them from my
reply to save space since I have no comments to share on them.
If this is offtopic since it does not directly have to do with toras youhave pointed out, I will take the suggestion to others instead.Thanks for
your kind attention! :)

I don't have much to say to that, except that you stick out as a Toruser because your request came through a tor server. The list of torservers is publicly accessible (which is necessary by design) and evenif you don't spoof anything you're still not the regular CharlieBrown. You need to "blend in" with the other Tor users, as you cannotblend in with anyone on the planet!

Attachment: PGP.sig
Description: This is a digitally signed message part

Follow-Ups:
- Re: Proposal: Tor User Agent Carousel (TUAC)
  - From: lxixnxenoise

References:
- Proposal: Tor User Agent Carousel (TUAC)
  - From: lxixnxenoise
- Re: Proposal: Tor User Agent Carousel (TUAC)
  - From: Sebastian Hahn
- Re: Proposal: Tor User Agent Carousel (TUAC)
  - From: lxixnxenoise

Prev by Author: Re: Proposal: Tor User Agent Carousel (TUAC)
Next by Author: Re: Proposal: Tor User Agent Carousel (TUAC)
Previous by thread: Re: Proposal: Tor User Agent Carousel (TUAC)
Next by thread: Re: Proposal: Tor User Agent Carousel (TUAC)
Index(es):
- Author
- Thread