Hi! intrigeri: > I'm coming back on the shared username/hostname thing, that was > rediscussed a bit lately, with input from Freepto and pointers to > Subgraph OS code, on a Tails ticket: > > https://labs.riseup.net/code/issues/5655 > > As you can see in my comment #6 there, it's unclear to me what's best, > between sharing fixed values and randomizing it. Each solution has > pros and cons. What do you think?
It is indeed a hard decision. Let's think again of examples where this might happen. And then determine with which strategy users would be better off in which case. - ssh uses <username> for login if not explicitly told otherwise -> server knows you're a Tor user anyway -> better off with shared value - <username> (as part of the path) is sometimes encoded into user created content (images, firefox screenshot addon). Maybe only in user installed extra packages. -> when you upload them, server knows you're a Tor user anyway -> better off with shared value -> when you send the file to a third party (a journalist or so) who "hides" the users use of Tor -> you might prefer a random value over a shared one? - mixmaster (postfix) leaks <host_name>.<domain_name> to the mailserver. -> server knows you're a Tor user anyway -> better off with shared value - IRC clients not (pre)configured for privacy leak ident = username -> server knows you're a Tor user anyway -> better off with shared value - Please don't nail me for other examples. These are just a few I observed. Having these cases in mind, I slightly prefer shared value. Cheers, Patrick _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
