Re: [Tails-dev] Setting curl's user-agent to the same as Tor…

This message is part of the following thread:
M\the complete thread tree sorted by date
MMintrigeri at <-
MMintrigeri at ->
Delete this message

Reply to this message
Author: jvoisin
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Setting curl's user-agent to the same as Tor Browser?
On 06/22/2014 11:32 AM, intrigeri wrote:
> Hi,
>
> on the one hand, for an attacker that only looks at the user-agent
> header, telling curl to use the same value for it as the Tor Browser
> would make it part of a larger anonymity set.
>
> On the other hand, the fingerprint of curl probably differs in many
> other ways. So, for an attacker that looks at it more closely, a curl
> HTTP client pretending to be Firefox is part of a very small
> anonymity set.
>
> Against which one of these attackers do we want to optimize Tails for?
I don't think that tweaking curl is a good idea:

- Making it looking like Firefox for HTTPS won't be an easy task, since
there is a lot of black-magic involved here.

- Against an active attacker, I'm quite sure that she'll find an oracle
anyway.

- A passive attacker on HTTP can most of the time becoming an active one.

So, the only case where this could be useful is clear-text http, which
you shouldn't use over Tor anyway.

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-[Tails-dev] Setting curl's user-agent to the same as Tor Browser?Re: [Tails-dev] Setting curl's user-agent to the same as Tor Browser?->
lists.autistici.org administrated by postmasterLurker (version 2.3)