On Wed, Aug 23, 2006 at 03:02:48AM +0200, Juliusz Chroboczek wrote: > > 6) Polipo writes your hostname in every request. Either define proxyName > > to something else, or set [d]isableVia = true in your config file. > > This cannot be stressed enough. Unfortunately, use of Via is a MUST > according to RFC 2616 (it's not completely useless -- Polipo uses it > to detect proxy loops).
If you're talking about section 14.45 of RFC 2616 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.45 then it doesn't seem to require any uniqueness. (This is good, since Polipo adds a "Via: 1.1 localhost.localdomain" header for my browsing, and I'd guess I'm not the only one of those out there. :) So if you want to follow the RFC, would it be adequate to use the pseudonym "polipo" in each case? > Hmm, I guess I could have Polipo choose a random name on each startup > -- that would satisfy both RFC 2616 and the privacy-conscious. This approach is dangerous because it lets websites track Tor users by this unique ID. This is exactly what we'd like to avoid: each Tor user is recognizable later on, based on having the same name, even if he has changed to a new exit node. A more subtle example of this attack would happen if you decided to list the version of Polipo in the Via header -- then websites could narrow down which hits aren't from the same user. So the two solutions that come to mind are to use a brand new random string for every page, or to pick a string that everybody uses. The latter approach seems less prone to error. Hope this helps, --Roger
