On Sat, Sep 22, 2007 at 11:36:41 +0100, Mark Brown wrote:
>
> > This means, in practice, that many sites will be able to track
> > Debian users by their User-Agent, even if (say) the user is blocking
> > cookies or limiting them to a single session and is changing IP
> > address regularly.
>
> I would strongly expect that any user sufficiently concerned about
> these issues to take active steps like those would be willing to use
> things like either the user agent configuration available one way or
> another in most browsers or something like privoxy (possibly in
> conjunction with tor) which will do the same things and more.

I think this misunderstands the problem. Having stronger privacy is like an insurance policy: most of the people who end up having needed it never knew they were going to need it. So they weren't going to have gone out and installed Privoxy (maybe with Tor) /and/ then examined it closely enough to realise that it doesn't alter their User-Agent by default, and configured it to masquerade as Firefox on Windows or something.

Which brings us to a separate point: it's no use to have Privoxy configured to block User-Agent strings, since that means you'll be the one person with no User-Agent, which gives you an even smaller anonymity set than the default Debian packages. Yes, smart users will copy Firefox on Windows, which works -- so long as there isn't one little thing about their browser which gives away their platform. Cos then, they can be identified as the one guy running Iceweasel masquerading as Firefox on Windows.

Also, plenty of Debian users would have

It really does help to have larger groups of people whose browsers are behaving the same way by default. In the case of Privoxy, this would mean having all of the default Privoxy distributions (and especially those that are shipped with Tor) use a single User-Agent. We were also planning to send those trivial Privoxy configuration patches; it'd be great if we could get the community to standardise on "Mozilla/5.0 (Privoxy)" or something.

-- 
Peter Eckersley [EMAIL PROTECTED]
Staff Technologist, Tel +1 415 436 9333 x131
Electronic Frontier Foundation, Fax +1 415 436 9993
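
The anonymity-set argument in the message above, worked through on a constructed population. This is an added example, not part of the original email; the User-Agent strings other than "Mozilla/5.0 (Privoxy)", the user counts and the "tell" field (any other signal that reveals the platform) are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed population: (user count, User-Agent, platform tell visible to the site).
# Strings and counts are illustrative, not measured traffic.
FIREFOX_WIN = "Mozilla/5.0 (Windows; U; Windows NT 5.1) Firefox/2.0"
ICEWEASEL = "Mozilla/5.0 (X11; U; Linux i686) Iceweasel/2.0 (Debian)"
PRIVOXY = "Mozilla/5.0 (Privoxy)"

POPULATION = [
    (9000, FIREFOX_WIN, "windows"),  # genuine Firefox on Windows
    (40, ICEWEASEL, "linux"),        # default Debian package
    (1, "", "linux"),                # proxy configured to strip the header
    (1, FIREFOX_WIN, "linux"),       # masquerade with one leaked platform detail
    (200, PRIVOXY, "windows"),       # users on a shared default string
    (100, PRIVOXY, "linux"),
]

def anonymity_sets(population, use_tell):
    """Map each observable fingerprint to the number of users sharing it."""
    sets = Counter()
    for count, ua, tell in population:
        key = (ua, tell) if use_tell else (ua,)
        sets[key] += count
    return sets

def set_size(population, ua, tell, use_tell):
    """Size of the anonymity set that a user with this UA and tell falls into."""
    key = (ua, tell) if use_tell else (ua,)
    return anonymity_sets(population, use_tell)[key]

def surprisal_bits(population, ua, tell, use_tell):
    """Identifying information in bits: log2(total users / set size)."""
    total = sum(count for count, _, _ in population)
    return math.log2(total / set_size(population, ua, tell, use_tell))

if __name__ == "__main__":
    cases = [("default Iceweasel", ICEWEASEL, "linux"),
             ("blank User-Agent", "", "linux"),
             ("spoofed Firefox/Windows", FIREFOX_WIN, "linux"),
             ("shared Privoxy string", PRIVOXY, "linux")]
    for label, ua, tell in cases:
        for use_tell in (False, True):
            size = set_size(POPULATION, ua, tell, use_tell)
            bits = surprisal_bits(POPULATION, ua, tell, use_tell)
            print(f"{label:24} tell_seen={use_tell!s:5} set={size:5} bits={bits:5.2f}")
```

Run as a script, it prints the set size and identifying bits for each case, first for a site that sees only the User-Agent and then for one that also sees the platform tell.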