Hello! I have a Client machine with TorButton (Tor client + Firefox + Privoxy + TorButton) and a Server machine with Apache. But when I'm trying to connect from Client to Server through TOR network I see that there's my information on HTTP-headers on Server side that last OR gives to my Apache. So, AFAIU last OR has all information about me? Isn't it disclosure of information? I think that it would be better if TorButton changes or deletes HTTP-headers that could disclose me. For example, at least TorButton could hide my Host header, by it doesn't.. Is it a bug or what?
GET / HTTP/1.1 Host: ***MY***REAL***IP*** User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: windows-1251,utf-8;q=0.7,*;q=0.7 If-Modified-Since: Sat, 26 Sep 2009 15:50:51 GMT If-None-Match: "883d5-2d-4747d076a8cc0"-gzip Cache-Control: max-age=0 Connection: close HTTP/1.1 200 OK Date: Sun, 31 Jan 2010 14:08:29 GMT Server: Apache/2.2.9 (Ubuntu) Last-Modified: Sat, 26 Sep 2009 15:50:51 GMT ETag: "883d5-2d-4747d076a8cc0"-gzip Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 56 Connection: close Content-Type: text/html ............(....I.O....0..,Q(./..V....l.!..`U\.QU.f-... *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
