-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi,
I wonder if the idea of using a random username has a serious problem: It makes every [Tails / anonymity distribution] session uniquely identifiable if the username gets sent in any way. And we *do* assume that it gets sent, because that's basically the idea behind the question what username should be used. Maybe I completely misunderstand this, but using a random username for every session basically sounds like creating a random (and unique!) stamp for every session. Not for every connection, but for every session, so that multiple connections in one session will share one unique username. Patrick Schleizer mentioned IRC idents as an example; maybe that's a good way to explain the problem: - - John Doe starts Tails. His username for this session will be "ombbjp8GTE". - - John Doe starts an IRC client. He says something that should absolutely remain anonymous. - - John Doe closes the IRC client and surfs a bit. - - John Doe starts an IRC client again, this time on another network where he happily chats with some friends next to his Iceweasel window. ==> Anyone who sees both the happy chatting on network 2 and the anonymous information on network 1 knows that it has been sent by the same user, and probably even who this user is. With one default nick for all users, this could not have happened. I'm unsure how severe this issue is, but it would make me suggest *not* using a random username. Best regards, Tobias Frei -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJT7+9qAAoJEOaAxTHjKzK7RO0P/iGAtpryltjmaL1p9+ELdaIb a94hHlnYEuWOmhI4yFNbGnJYa1vG1d72XE7nqESxIZj8kjg0Dg2X8rX9+BbJMV1m XG/5fMlMuwCSYncn01a0h1aOMw191RmNV93g5LRUXlaQqBQDUqMjddyjvI4K5J/7 BpLmO+uAzWDlS/OsjI8e3PxaODFUPAwOhwt8DMEei11r0PiSmLnZnUb28uafxbHs VJXCvzhadyvDsDffLy/WX8yamPMwFXiBHIVCoVTzuEm6OWkJ4bGbZ0IhT7Q/IGFA MPNFYDVA2jY2jcRXoUHm/CwDJmhhZqiw3txkGFhjyTRb7NdbRe2jc9hX5Hkod903 hX8ycs17Vluwq1cgHsSOOlnGlAGvtuvAQMQ9D3jwRcACF18Y097/7Tb1ctxmCwNY 25c/nrs/hcdYc2JHSQmtle2OJ2juVh635uHET+dLtCZbmlsHCuxBKz/L/VMXc7ns ZZx2qVvYMKc2QYzSQDkgrcPsrDMSfWxFCf4c3g/nP4lj/uuKAsOStBkyHlGlMVA3 HPtHmUbCBYYxfTrNST22ggWz/yWIPd0PPMxvGIXImL9T/Y5RHDF4W5R1FWuyTIBU 82niqLwHvCXhkhWak6tl8FA+XKmcQIE96QODEdAu497FMpZSDlK6QL1gMPiq8fn3 zA1wYC7riF3PxhvJEeGD =8GPs -----END PGP SIGNATURE----- _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
