[opensource-dev] [POLICY] Configurable HTTP user-agent string

[Argent Stonecutter]

On 2010-05-06, at 01:23, Ricky wrote:
> How can that be a source of correlation, unless you are using a viewer
> that has a userbase of one (yourself and your alts)?

When you're gathering information on someone for tracking purposes you  
don't need certainty. Even a viewer with a few percent of the market  
can be used to direct suspicion at a new account unless they  
completely avoid all their old hangouts.

There are precisely four viewers that are common enough that using one  
wouldn't be a red flag: The current and new Linden viewer, Snowglobe,  
and Emerald.

People who are currently using other viewers and don't pay attention  
to the privacy implications of new features (ie, just about anyone)  
would be wearing a target. New privacy exposures have to be opt-in,  
not opt-out.

This functionality would have to not just be spoofable, but be off by  
default and turning it on would be done through a user interface that  
actually shows you the current string and presents common alternatives.

If you were doing this, then it would be easier, easier to understand,  
and MUCH more useful to implement a general set of account tags or  
properties that people could edit at will. This would provide all the  
functionality people would get from a genuinely secure  
"llDetectedViewer()" type of API, since viewers could have a nice easy  
button that sets "Emerald: yes".