Tobias Frei wrote: > I wonder if the idea of using a random username has a serious problem: > It makes every [Tails / anonymity distribution] session uniquely > identifiable if the username gets sent in any way. And we *do* assume > that it gets sent, because that's basically the idea behind the > question what username should be used.
Thanks for following up on this. I'll quote your message fully because it seems like you didn't forward it to Freepto, Subgraph, Whonix, and Guardian. > Maybe I completely misunderstand this, but using a random username for > every session basically sounds like creating a random (and unique!) > stamp for every session. Not for every connection, but for every > session, so that multiple connections in one session will share one > unique username. > > Patrick Schleizer mentioned IRC idents as an example; maybe that's a > good way to explain the problem: > > - John Doe starts Tails. His username for this session will be > "ombbjp8GTE". > - John Doe starts an IRC client. He says something that should > absolutely remain anonymous. > - John Doe closes the IRC client and surfs a bit. > - John Doe starts an IRC client again, this time on another network > where he happily chats with some friends next to his Iceweasel window. > > ==> Anyone who sees both the happy chatting on network 2 and the > anonymous information on network 1 knows that it has been sent by the > same user, and probably even who this user is. > > With one default nick for all users, this could not have happened. > > I'm unsure how severe this issue is, but it would make me suggest > *not* using a random username. Note that in the case of Tails, we recommend our users against doing this. Which is mix different identities in a same working session: https://tails.boum.org/doc/about/warning/#index8h1 If you don't take care about this yourself, there are probably other ways that you can fuck it up (through the browser, the Tor config, etc.). But still, I totally understand your point and I'm wondering whether the same assumption "not mixing identities" apply to all the distros that we are talking about. For example to Whonix? And also, it's not because we recommend our users against doing something that we should take for granted that they will handle their contextual identities in perfect way (given this can be a really subjective topic). And we should still try our best to limit the consequences in case they do mix them or simply commit a mistake. -- sajolida _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
