1 OS is a subset of 3 OS’s. They were always limited to 3 OS’s, because back when it was only 1 OS, that particular OS was one of the current 3. Saying they were always limited to 3 OS’s isn’t false.
Let’s try this:
- Did they or did they not say it was “categories”?
- Did they or did they not previously only have one single operating system, not plural or multiple?
Originally it was 1 user agent. Once they added Mac and Linux user agents, they began to categorize their browsers’ user agents by OS group.
There is no “gotcha” in their language that changes the fundamental logic of their simplistic statement: They have always been limited to the 3 current OS’s, because the previous one is among the current 3. This is not perfectly clear language, but neither is it necessarily false.
You never answered the questions.
The old statement was not accurate enough; it’d be accurate if you replaced “user-agent” with “user-agent header”.
The “user agent” and “user-agent header” are different things:
I would totally agree this statement from this 2019 blog post is unfortunate and confusing. “TBB masks the underlying OS” sounds more absolute than it was in reality, and that statement was contradicted at the time in the very same blog post by the screenshot above it…
I suspect part of their problem is their blog posts being written by their marketing team and not their anti-fingerprinting team, which is to be expected and is a problem shared by many privacy organizations… It’s also very easy to accidentally oversimplify something when explaining it to a non-technical audience like Tor’s blog readership. I think it is reasonable to consider this a minor mistake in wording, and not a significant mislead TBH.
If you read the more technical TBB design documentation that was linked in that same blog post you’ll find an explanation that was more true to reality:
> Operating system vendor and version differences permeate many different aspects of the browser. While it is possible to address these issues with some effort, the relative lack of diversity in operating systems causes us to primarily focus our efforts on passive operating system fingerprinting mechanisms at this point in time. For the purposes of protecting user anonymity, it is not strictly essential that the operating system be completely concealed, though we recognize that it is useful to reduce this differentiation ability where possible, especially for cases where the specific version of a system can be inferred.
In fact, Tor users were unhappy about user agent spoofing in the first place because of the mismatch demonstrated in the screenshot above. Setting the user agent to Windows while revealing the true operating system through other means creates an artificial situation that no other browser would have (since they’d match in every other browser of course), so you stand out even more. Of course it isn’t a goal to make Tor Browser look like other browsers, but they don’t need to go out of their way to look different either…
Tor Project essentially could take two paths to improve this user agent situation:
- They could expend more effort into making more parts of the browser look like Windows, so that this inconsistency was addressed; or
- They could undo the strict-Windows user agent spoofing and instead use more general buckets of operating systems, which is obviously what they ended up doing.
Both approaches are valid, and clearly Sam Bent and others want Tor to take the first path instead, but given that their design has never considered it to be “strictly essential that the operating system be completely concealed,” I do think it makes more sense to take the easier-to-maintain path and focus on eliminating the possibility of specific OS versions/distros being identified (which they do), and also focus more on anti-fingerprinting beyond the OS.
It’s all trade-offs, right? At the end of the day if Tor dedicated effort to this problem they would have to work less on other problems that have higher impact.
Thank you for the extensive and thoughtful answer @Jonah. Even though this was marked solved, I feel it is extremely important that I mention the following.
For the record:
Bent was out of line and extraordinarily offensive when he tried to redirect the discussion about the tor documentation issue into a character attack against you @jonah and @henry-fisher. I happen to like both of you and appreciate your work, but even if I didn’t, ad hominem attacks add nothing productive.
Thanks again for your work on here.
pn
I’m probably risking my account being terminated by saying this, but you not even watching the video means you don’t have any idea what the person in the video said, so you have zero context. Calling him butthurt and a conspiracy theorist doesn’t make the person in the video look bad; it makes you look very, very highly questionable.
And now you’re reacting like an immature child with laughing emojis.
You make this forum look bad and sus.
No wonder techbore exists to criticise people who act like that.
You mean Techlore? Act like what?
As a moderator of Techlore, what do @jonah and Techlore have to do with this? We never criticized what Jonah said, not to mention he’s rarely on Techlore and no one criticized what he said at Techlore.
No. I meant Techbore.
Lol, why would I ban you? If you are not breaking the forum rules or the PG COC, you are free to post here that you have a different opinion.
When you get to the size of PG, you will always piss someone off, no matter what opinion you have regarding any topic. I’ve stopped caring about angry folks a long time ago.
It gets the views and clicks, I guess. Now that I know who he is I’ve seen Sam Bent in the replies of random Twitter and even LinkedIn posts by privacy companies trying to stir the pot and get people to watch his video, because “Privacy Guides bad.” Browser fingerprinting is such a mundane topic of all things, and yet being corrected is taken so personally that you need to form a vendetta against us? We’re literally just privacy nerds LOL
At the end of the day, the information in this thread stands for itself, and people with genuine curiosity about this subject can see that, so that’s all I can really ask for.
Interesting that you’re calling me “angry folk”.
I’m not angry at all, I simply called you out.
How does it make sense to call a person butthurt when you did not listen to anything the person said? It obviously does not make any sense at all.
That’s all I said. There’s no anger.
Having watched the video I’ll just say that Niek’s assessment of the video after skimming it (which is watching) was basically accurate, but there are more direct counterarguments in the thread above too that you could read into.
I remember Techlore (which you often do videos with) made a video where he said he no longer uses custom ROMs and instead went back to Google.
You just said you’re a privacy nerd.
A real privacy nerd would never even consider using Google Android as an OS.
The reasons should be obvious as well for any real privacy nerd.
It’s not like Google is one of the top if not the nr1 offender of privacy on a global scale, their OS collects so much data it’s insane. The spying goes way too far. Yet Techlore decides to make a video where he says he’s using Google Android over custom ROMs. This isn’t a privacy nerd, it’s BS. Sorry if this sounds rude but I really don’t get it. I was watching Techlore for a long time, but when he started making questionable videos like that I lost all trust and faith in him, you are not him but you’re closely related to him.
This seems like an argument of guilt by association? And PG recommends GrapheneOS? I’m not really sure what your angle is here.
I do not work with Techlore, and I have no relationship with Techlore. Yes, I did in the past, absolutely. I just want to be very clear that’s no longer the case.
I’ve said[1] all these things[2] about Android myself tbh, it is the biggest problem by far with Android even with custom ROMs… It’s a difficult situation all around.
We could definitely get into the specifics of this more, it’s an interesting topic, but I wonder if we’re taking this a bit off topic and could start a different thread. I don’t really see what Techlore’s POV on Android has to do with Sam Bent’s POV on Browser Fingerprinting, which is what most people here were confused about.