You can fake it with a number of extensions, but there's a load of fingerprinting options that are sneakier than the user agent. The Tor Browser project has a document outlining changes they had to make to make things less fingerprintable.

The real question is, can you delete it completely? :)

That's a fascinating idea, even if it's not made public to the end user. Getting the git blamed stacktraces mailed to the dev team would be interesting!

Hahaha! It's definitely evil, but a funny evil.

Definitely recommend this site, it was a big influence in my early programming days, I found it way more interesting than Project Euler.

Agreed. I didn't get too far in Project Euler myself before finding other programming problems to solve. Logging in I only solved 4, apparently. Which doesn't seem right, maybe I accidentally created a second account, I've done that a few times.

The main issue was, though I have a math degree, there was no way it would appeal to most of my friends when we'd turn these sorts of things into a (mostly) friendly competition. Hacker.org hit just the right buttons to keep a few of them interested long enough to even plough through the problems they didn't enjoy just to make progress.

I don't get your comment?... prominent members from various versions of the IRA are and have been members of Irish governments, see Gerry Adams/Martin McGuinness (Or even Michael Collins if you're talking way back).

Just because an organization has members/affiliates in a government does not make that organization part of the government.

Its like saying what ever the presidents frat was, is part of the government.

Whenever said members/affiliates are former leaders we're really just splitting hairs. I get your point though, I mistook what he had said as there is no link at all between them. Instead he is saying 'The Irish government never commanded the IRA' which I'd largely agree with.

I don't want to slam your site too much, but just because You don't log Typeview information doesn't mean someone doesn't. If you're using regular HTTP then everything the user types in your textbox can be intercepted by people on the network or logged on proxy servers anywhere. This is not something the user expects to have to worry about.

Mentally, the google search box has a very different contract than a textbox to communicate with support staff, the user generally gets immediate feedback and understands their data is being sent as they type.

From what I remember, Wave had it optional as they even said themselves a lot of people were uncomfortable with the idea of people seeing their train of thought (and mistakes). It's an interesting idea but it's a horrible way to treat the user.

If you have to update your browser to read a site, on a site that's main function is to provide someones thoughts in text form, then I'd consider the website at fault.

Yes, as far as I've heard,

  VPN -> TOR = DANGER, 
  TOR -> VPN = PROBABLY_OK

You should probably make the 'Lahana is not super secure' really BIG and BOLD for the reader so they can understand their risk.

I've actually read the opposite (there used to be something about TOR -> VPN here http://sourceforge.net/p/whonix/wiki/Tunnel_Tor_through_prox... they seem to say VPN -> TOR is safe) I think using VPN -> Tor is normally ok since if you are running tor locally, your vpn provider won't be able to read your traffic since you have encrypted your traffic for tor locally (you've encrypted it four times in total, once for the vpn and three times for tor). The problem with lahana is that, unlike in the last case, in this case the traffic is only encrypted once locally then sent to the lahana node, decrypted, and then encrypted three times for tor. The danger here is that the person running the lahana node can read all your traffic after it is decrypted for them.

Encrypting something multiple times doesn't necessarily make something more secure. In some cases it can decrease the effectiveness of the protocols in use, but it really depends on what encryption is used and how it is used.

> The danger here is that the person running the lahana node can read all your traffic after it is decrypted for them.

So if I understand this correctly, if you're in a country with a government that monitors traffic and you connect to a malicious public lahana node that monitors traffic, run by the same government then your traffic is compromised?

But if you run your own lahana node, then it's not (excluding questions about whether or not Amazon have the ability to go into a node for example)?

Sorry if it sounds like I'm being daft I'm just trying to understand the specifics here, so I can figure out ways to address them (if they fall within the scope of lahana, vs traditional Tor uses).

Here's my reference for reference, http://www.slideshare.net/grugq/opsec-for-hackers (slide 137/138)

I cannot recommend either, but I would note that in your link they do seem to state 'Anyway, not so many people seem to do use a tunnel before they connect to Tor, therefore it's not so well tested, do not rely on it too much.'. So I'd be wary of their advice for anything you need to bet your life on.

Done, although if you have any specifics it'd be greatly appreciated.

I'd replace 'good at programming' with 'proven ability to ship'. Most of the time it's values way over a decent codebase from what I can see. Which is often fair enough!