On Sat, Sep 22, 2007 at 12:39:25PM -0700, Peter Eckersley wrote: > On Sat, Sep 22, 2007 at 11:36:41 +0100, Mark Brown wrote: > > I would strongly expect that any user sufficiently concerned about > > these issues to take active steps like those would be willing to use > I think this misunderstands the problem. Having stronger privacy is > like an insurance policy: most of the people who end up having needed it > never knew they were going to need it. So they weren't going to have > gone out and installed Privoxy (maybe with Tor) /and/ then examined it > closely enough to realise that it doesn't alter their User-Agent by > default, and configured it to masquerade as Firefox on Windows or > something. That sounds like an argument for improving the default configuration of privoxy and similar tools more than anything else. Like I say, you're explicitly talking about users who have already taken active steps to protect their privacy. > Which brings us to a separate point: it's no use to have Privoxy > configured to block User-Agent strings, since that means you'll be the > one person with no User-Agent, which gives you an even smaller anonymity > sets than the default debian packages. Yes, smart users will copy Right; I've never actually seen an implementation of this feature that didn't substitute in a new browser string rather than simply removing the existing one. This feature is more commonly used to work around browser detection in web sites than for privacy reasons so most implementations actually come with a prepreparaed list of common user agent strings and offer the ability to specify something else only as an advanced option. -- "You grabbed my hand and we fell into it, like a daydream - or a fever."
Attachment:
signature.asc
Description: Digital signature