Changes between Initial Version and Version 1 of Ticket #30029, comment 5


Ignore:
Timestamp:
May 14, 2019, 9:33:24 PM (14 months ago)
Author:
cypherpunks
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #30029, comment 5

    initial v1  
    1 dkg, thank you for your reply.
     1dkg, thank you for your [comment:4 reply].
    22
    3 Briefly, you are certainly right that Tor avoids local storage of data that pertain to a user's behaviour, such as cookies and history.  However, this is not the case for "Bookmarks", with good reason: "Bookmarks" represent conscious choices on the part of the user.  For this argument to hold in the case of Petnames, we might want to ensure that the decision to associate a long-lived Petname with a particular onion site is always conscious, and not the 'default' behaviour resulting from simply visiting a site.  User empowerment is key to striking the right balance: for example, we might consider creating Petnames by default but having them be ephemeral by default, like the browsing history associated with a particular tab, so that users would be able to make the conscious decision to save the association in their browsers like bookmarks if they plan to revisit them.  The implementation would presumably be slightly different to Bookmarks since it would (1) only bind onion hostnames rather than complete URLs and, optionally, (2) require each Petname to be (locally) unique.  But this could be done in addition to Bookmarks, as a similar data store.
     3Briefly, you are certainly right that Tor avoids local storage of data that pertain to a user's behaviour, such as cookies and history.  However, this is not the case for "Bookmarks", with good reason: "Bookmarks" represent conscious choices on the part of the user.  For this argument to hold in the case of Petnames, we might want to ensure that the decision to associate a long-lived Petname with a particular onion site is always conscious, and not the 'default' behaviour resulting from simply visiting a site.  User empowerment is key to striking the right balance: for example, we might consider creating Petnames by default but having them be ephemeral by default, like the browsing history associated with a particular tab, so that users would be able to make the conscious decision to save the association in their browsers like Bookmarks if they plan to revisit them.  The implementation would presumably be slightly different to Bookmarks since it would (1) only bind onion hostnames rather than complete URLs and, optionally, (2) require each Petname to be (locally) unique.  But this could be done in addition to Bookmarks, as a similar data store.
    44
    55You're also right that the existence of a Petname should not affect network behaviour.  I am fairly certain that the existence of particular Bookmarks does not (non-negligibly, anyway) affect network behaviour.  Presumably the Tor Browser developers could make sure that the 'hiding' of the opaque onion address and replacement with the Petname is only a cosmetic (UX) change to the URL bar based upon the existence or non-existence of Bookmark-like Petname data for the given hostname.  The Tor Browser developers have already decided that Bookmarks do not pose a fingerprinting risk; it follows that we can implement Petnames to not be a risk also.