anonym:
> intrigeri:
>> So I hereby propose we stop tweaking the HTTP User-Agent sent
>> by htpdate.
> I agree.
https://labs.riseup.net/code/issues/12023
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To
hi,
adrelanos wrote (01 Dec 2012 15:53:06 GMT) :
Using Tor Browser through command line to view and safe the website.
This should perfectly emulate Tor Browser. Any idea how Firefox could be
interfaced? As far I know it has no command line option for this.
I guess Selenium should allow to do
Hi,
(Let's get rid of this old stalled discussion and free some mental
space of ours.)
intrigeri wrote (21 Oct 2012 08:57:55 GMT) :
anonym wrote (15 Oct 2012 13:14:24 GMT) :
OTOH it becomes easier to fingerprint Tails users on their side of
the pipe, which arguably is worse. Three *full*
intrigeri:
This page reads fingerprinting based on the known traffic pattern
when fetching the full page of any of the members of Tails' HTP source
pools is not possible; I've always understood, in this sentence, the
full page as meaning the page + all external resources it requires.
Ping?
adrelanos:
intrigeri:
This page reads fingerprinting based on the known traffic pattern
when fetching the full page of any of the members of Tails' HTP source
pools is not possible; I've always understood, in this sentence, the
full page as meaning the page + all external resources it
Hi,
anonym wrote (15 Oct 2012 13:14:24 GMT) :
OTOH it becomes easier to fingerprint Tails users on their side of
the pipe, which arguably is worse. Three *full* fetches of known web
sites are *much* more distinguishable than three header fetches of
known web sites, so Tails' startup traffic
14/10/12 14:28, intrigeri wrote:
Hi,
Ague Mill wrote (01 Oct 2012 09:27:09 GMT) :
I think the overhead of not using '--head' and doing a full GET
would be marginal. It would make it at least a little bit harder to
distinguish from other requests.
Fully agreed: this would make Tails'
Hi,
Ague Mill wrote (01 Oct 2012 09:27:09 GMT) :
I think the overhead of not using '--head' and doing a full GET
would be marginal. It would make it at least a little bit harder to
distinguish from other requests.
Fully agreed: this would make Tails' htpdate harder to distinguish
from the TBB
Hi,
Jacob Appelbaum wrote (01 Oct 2012 01:09:48 GMT):
[ about curl ]
In some testing we did, we found that it leaked DNS basically
everywhere unless you used some kind of HTTP proxy. :(
I'm curious what version of curl exposes that, and:
* Does curl's socks5h:// acts like socks5:// ?
My first post!
Speaking of the Appelbaum, check out this time daemon he wrote:
https://github.com/ioerror/tlsdate
It's not in debian repos, which is a strike against using it for tails.
But leaking DNS is pretty bad.
--D
On 10/3/12 2:47 PM, intrigeri wrote:
Hi,
Jacob Appelbaum wrote (01 Oct
Jacob Appelbaum:
intrigeri:
Hi,
adrelanos wrote (30 Sep 2012 22:25:31 GMT) :
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
FTR, this is left from the times when htpdate did run wget in the
clear (without going through Tor).
adrelanos:
Jacob Appelbaum:
intrigeri:
Hi,
adrelanos wrote (30 Sep 2012 22:25:31 GMT) :
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
FTR, this is left from the times when htpdate did run wget in the
clear (without going
Jacob Appelbaum:
adrelanos:
Jacob Appelbaum:
intrigeri:
Hi,
adrelanos wrote (30 Sep 2012 22:25:31 GMT) :
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
FTR, this is left from the times when htpdate did run wget in the
adrelanos:
Thus my suggestions:
- Keep only header. Safe users traffic, Tor's traffic and website traffic.
- Drop the user agent setting, it only gives a false sense of being in
the same anonymity set as Tor Button.
That is not the goal - the point is that you will say, drop that and no
one
On Mon, Oct 01, 2012 at 07:18:00AM +0200, intrigeri wrote:
Since you are also using curl and only download the header, does
faking the Tor Button user agent provide any additional benefit?
Couldn't the server quite easily distinguish from real Tor Button
users and tails_htp curl users?
Hello,
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
Since you are also using curl and only download the header, does faking
the Tor Button user agent provide any additional benefit? Couldn't the
server quite easily distinguish
adrelanos:
Hello,
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
Since you are also using curl and only download the header, does faking
the Tor Button user agent provide any additional benefit? Couldn't the
server quite
Jacob Appelbaum:
I'd be interested in using the same headers for tlsdate - so whatever
you guys end up using - lets try to make them look similar?
curl is already a good choice. Supports socks proxy settings, ssl
certificate pinning, strict https, tlsv1, only header...
That everyone uses the
Hi,
adrelanos wrote (30 Sep 2012 22:25:31 GMT) :
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
FTR, this is left from the times when htpdate did run wget in the
clear (without going through Tor).
Since you are also using curl
intrigeri:
Hi,
adrelanos wrote (30 Sep 2012 22:25:31 GMT) :
I am wondering about this line in /etc/default/htpdate:
HTTP_USER_AGENT=$(/usr/local/bin/getTorbuttonUserAgent)
FTR, this is left from the times when htpdate did run wget in the
clear (without going through Tor).
Since you
20 matches
Mail list logo