HN2new | past | comments | ask | show | jobs | submitlogin

From the article:

If you don’t want to be identified, you can disable mssfix, just set it to zero on both server and client.

As for the OS/browser fingerprinting, I suppose you could just use p0f to figure out what your VPN "exit node" is running, then modify your user-agent to match.

Interestingly enough, it assumes that if it can't figure out either OS or fingerprint, they match:

    Detected OS   = ???
    HTTP software = ???

    ...
    Fingerprint and OS match.


> If you don’t want to be identified, you can disable mssfix, just set it to zero on both server and client.

Wouldn't the server get fragmented packets and discover that?


They are assembled back before they leave the VPN. This step makes the latency higher.


Maybe Tor Browser should try to match the user-agent to the exit-node.


No. You can identify a connection as "Tor" in several different ways. That's not the point of Tor. The point of Tor is that everyone using it looks the same as everyone else using it. You want the Tor user agent to be, essentially, "I'm Spartacus".


Right now TorBrowserBundle user agent is the most widespread version of Firefox over the most widespread version of Windows, and I think it should stay like this.


Anyone can get a list of every single tor exit node, so it is pretty much impossible to hide that you are using tor.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: