Hi!
intrigeri:
> I'm coming back on the shared username/hostname thing, that was
> rediscussed a bit lately, with input from Freepto and pointers to
> Subgraph OS code, on a Tails ticket:
>
> https://labs.riseup.net/code/issues/5655
>
> As you can see in my comment #6 there, it's unclear to me what's best,
> between sharing fixed values and randomizing it. Each solution has
> pros and cons. What do you think?
It is indeed a hard decision.
Let's think again of examples where this might happen. And then
determine with which strategy users would be better off in which case.
- ssh uses <username> for login if not explicitly told otherwise
-> server knows you're a Tor user anyway -> better off with shared value
- <username> (as part of the path) is sometimes encoded into user
created content (images, firefox screenshot addon). Maybe only in user
installed extra packages.
-> when you upload them, server knows you're a Tor user anyway -> better
off with shared value
-> when you send the file to a third party (a journalist or so) who
"hides" the users use of Tor -> you might prefer a random value over a
shared one?
- mixmaster (postfix) leaks <host_name>.<domain_name> to the mailserver.
-> server knows you're a Tor user anyway -> better off with shared value
- IRC clients not (pre)configured for privacy leak ident = username
-> server knows you're a Tor user anyway -> better off with shared value
- Please don't nail me for other examples. These are just a few I observed.
Having these cases in mind, I slightly prefer shared value.
Cheers,
Patrick
