Hi,
intrigeri (4 years ago):
> anonym wrote (15 Oct 2012 13:14:24 GMT) :
>> OTOH it becomes easier to fingerprint Tails users on their side of
>> the pipe, which arguably is worse. Three *full* fetches of known web
>> sites are *much* more distinguishable than three header fetches of
>> known web sites, so Tails' startup traffic flow then becomes
>> a distinctive pattern to look for. Think "Bayesian classifiers"
>> which was all the rage a year or two ago.
> In case it was not clear: what is proposed is a GET of the page only,
> not going back to "wget --mirror" and fetch the page and all related
> resources.
> Web browsing recognition based on known traffic patterns I've read
> about was based on page + resources fetches, which provide quite more
> room traffic/time data to work on.
> How well would this class of attacks do with a HTML page fetch or
> three? (Not a rhetorical question :)
I'm dropping this idea, and closed #5924 as rejected.
But I'd like to go back to adrelanos' initial point, from which we
have derailed at some point, by trying to fix in a different way
(looking even more like Tor Browser) the problem he was raising.
tl;dr: assuming that Tor Browser basically never issues HTTP HEAD
requests, our current usage of htpdate, that pretends being Tor
Browser, makes it stand out of other users of curl over Tor.
So I hereby propose we stop tweaking the HTTP User-Agent sent
by htpdate.
Cheers!
--
intrigeri
