Delivery-Date: Mon, 28 Sep 2015 13:01:35 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7F4EB1E0240;
	Mon, 28 Sep 2015 13:01:33 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8DBEA37CD0;
	Mon, 28 Sep 2015 17:01:27 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 564C837CA6
 for <tor-talk@lists.torproject.org>; Mon, 28 Sep 2015 17:01:24 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 4MwbJYZMyd5P for <tor-talk@lists.torproject.org>;
 Mon, 28 Sep 2015 17:01:24 +0000 (UTC)
Received: from paulo.mayfirst.org (paulo.mayfirst.org [209.234.253.240])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 3FBB437CA2
 for <tor-talk@lists.torproject.org>; Mon, 28 Sep 2015 17:01:24 +0000 (UTC)
Received: from paulo.mayfirst.org (unknown [127.0.0.1])
 by paulo.mayfirst.org (Postfix) with ESMTP id 559753F29
 for <tor-talk@lists.torproject.org>; Mon, 28 Sep 2015 13:01:20 -0400 (EDT)
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender:
 nathanfreitas@paulo.mayfirst.org) with ESMTPSA id 16CFE3F0F
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailauth.nyi.internal (Postfix) with ESMTP id 931562085D
 for <tor-talk@lists.torproject.org>; Mon, 28 Sep 2015 13:01:19 -0400 (EDT)
Received: from web2 ([10.202.2.212])
 by compute5.internal (MEProxy); Mon, 28 Sep 2015 13:01:19 -0400
Received: by web2.nyi.internal (Postfix, from userid 99)
 id 6A0F2540447; Mon, 28 Sep 2015 13:01:19 -0400 (EDT)
Message-Id: <1443459679.2182923.395643505.4909924F@webmail.messagingengine.com>
X-Sasl-Enc: ds4ZbLmNqfISjlBIDc7mzOk3RSlWmeoQkVolqQHkawTW 1443459679
From: Nathan Freitas <nathan@freitas.net>
To: Alexis Wattel <alexiswattel@gmail.com>, tor-talk@lists.torproject.org
MIME-Version: 1.0
X-Mailer: MessagingEngine.com Webmail Interface - ajax-f5bf1cf6
Date: Mon, 28 Sep 2015 13:01:19 -0400
In-Reply-To: <512753.30303035363362643463353062356366@popretr.messagingengine.com>
References: <1443133988.1502007.392950337.3AF864EB@webmail.messagingengine.com>
 <512753.30303035363362643463353062356366@popretr.messagingengine.com>
 <4711B162-92DA-4E28-A46B-434D0B24AF8C@gmail.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Mon, Sep 28, 2015, at 10:44 AM, Alexis Wattel wrote:
> The User-Agent and Accept headers gave me a unique fingerprint on
> https://panopticlick.eff org/. 

Yes, they are unique for Orfox users.

> They should be set to the same as the Tor Browser. There's no point in
> identifying the client as a mobile user if you seek anonymity; and the
> User-Agent is the one most basic way to track browsers besides IP
> addresses. 

We made a conscious choice to not use the same user-agent as Tor
Browser, since there are other things like screen-size, for instance,
that we cannot make the same. Our goal is to have the same user-agent as
Firefox for Android, which we do, and which has tens of millions of
users.
 
> The Accept headers are plain and simple leaked from the device. 

What do you mean leaked? Are you saying the Accept headers are unique
for your device, or just for Orfox/Firefox for Android? I think it is
the latter, and it is not a leak.

> Could easily pass as a honest mistake if this issue had not already been
> reported 2 years ago about Orweb. 

Trust me when I say that the work we have done here is way beyond Orweb
in many ways. Orweb didn't allow us to change the user-agent and accept
headers fully. With Orfox, we are using the fully compiled Gecko engine
from Tor Browser source. 

The few areas that differ are ones like this, where we made a choice to
have mobile web access be the default, based on this user-agent.

+n

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

