著者: Tobias Frei 日付: To: tails-dev 題目: Re: [Tails-dev] [Freepto] Let's share username,
/etc/hostname and /etc/host among all anonymity distributions
Hi,
I wonder if the idea of using a random username has a serious problem:
It makes every [Tails / anonymity distribution] session uniquely
identifiable if the username gets sent in any way. And we *do* assume
that it gets sent, because that's basically the idea behind the
question what username should be used.
Maybe I completely misunderstand this, but using a random username for
every session basically sounds like creating a random (and unique!)
stamp for every session. Not for every connection, but for every
session, so that multiple connections in one session will share one
unique username.
Patrick Schleizer mentioned IRC idents as an example; maybe that's a
good way to explain the problem:
- - John Doe starts Tails. His username for this session will be
"ombbjp8GTE".
- - John Doe starts an IRC client. He says something that should
absolutely remain anonymous.
- - John Doe closes the IRC client and surfs a bit.
- - John Doe starts an IRC client again, this time on another network
where he happily chats with some friends next to his Iceweasel window.
==> Anyone who sees both the happy chatting on network 2 and the
anonymous information on network 1 knows that it has been sent by the
same user, and probably even who this user is.
With one default nick for all users, this could not have happened.
I'm unsure how severe this issue is, but it would make me suggest
*not* using a random username.