Viewing a single comment thread. View all comments

0

mofongo wrote

Your idea would make the use of tor useless because someone could track users using those headers.

2

aiwendil wrote (edited )

That actually isn't true. Essentially, when you log in to this site you are given a cookie to indicate to the backend that you are logged in. All the system I am thinking of would do is create another cookie that says your browser is authorized to use the website with tor and tie that to a valid email address. That address could be through something like 10minutemail or guerilla mail, thus not identifying any more than just logging in. The backend of this website can already track the actions of a user, as can all websites, but there is really no additional information being passed to the website. The website is just taking advantage of already trackable information that is non-identifying to make it much more impractical to spam. You would have to go through a registration process for each spam account you wanted to create that would make it much less efficient to do so. For the casual reader that doesn't want to have their browsing tracked while not logged in as this would ideally be implemented just for those user that wish to log in and participate while using tor.

Just so you know: Any website you visit using tor can already determine you are using tor. Any website you log into is storing some kind of session cookie in your browser.

With those two tidbits it is possible to create a non-identifying system that makes it easier to block abusive accounts, by simply invalidating their tor cookie and making them re-apply for one.

From this sites perspective the only thing tor obscures is your originating IP address. Once you log in any action you take on the website can be correlated to your browser through your session cookie, so adding an additional session cookie would not in any way reveal your IP address. In order to protect yourself it is important that you pick a username that doesn't identify you and use an email that doesn't identify you and you will still be fine. Tor is designed to protect you even from the sites that do a ton of tracking, of which raddit doesn't really seem like one of them.