TOR browser now leaks your operating system. The privacy browser opted for compatibility over privacy.
Why?!
Why did they remove the OS spoofing? Without having read the controversy, my guess is that "TOR Browser doesn't work" needed a fix and a big part of the problem was that users on Linux got the Windows version of websites, so the TOR browser devs decided to tell the website this detail about the visitor, resulting in reducing the anonymity set dramatically, to 2.5% but even worse, to the 2.5% that are most suspicious to totalitarian regimes cause it must be somebody with agency and initiative, who doesn't just go with the OS that came with the PC.
According to the Tor Project, websites have always been able to identify the 2.5% Linux minority, even with OS spoofing in HTTP headers and even with Javascript disabled.
In other words, the only effects of OS spoofing in HTTP headers were creating problems for user experience and providing a false sense of OS anonymity.
So there's no fix for that?
I don't have any technical knowledge of how these passive detection methods would operate so I can't say what the fix would be unfortunately. In the worst-case scenario I can imagine that the only real fix would be running your browser from a virtual machine, which is something I've done in the past on Windows anyway. I might have to do more research on this, since I wasn't aware that such methods of detection existed.
Shit! An issue that has been discussed for 5 years among a broad group of experts and it's actually more nuanced than I thought from reading 2 min about it. Who would have thought?
Run #TailsOS
Tails has the tor browser bundled. Is it any different?
Yes, in my opinion it doesn't matter whether the OS becomes known.
Where merely using Linux raises suspicion, it clearly does matter.
Eh, don't beat yourself up about it. We are all probably just LARPing as cyber outlaws anyway. If the authorities were really concerned about identifying and harming us then we would probably be completely screwed due to infosec mistakes completely unrelated to the design of the Tor Browser.
Personally I think thinking about this topic is just fun for its own sake, even if our personal experiences aren't really applicable or useful to figuring out the truth.
I want to learn and understand and not spread fud.
Oh yeah, learning and understanding is great, but I also think the world could really use more FUD in it. Trying to create or refute FUD is how we learn.
You know, I had no idea that there was identifiable information all the way down in the TCP layer, or that Tor's anti-fingerprinting didn't cover it. How else would I ever have learned that if this misinformation hadn't been spread?
Besides, spreading misinformation can be fun. The ways people respond can tell someone about how they think. Though if people believe them then they should keep making the misinformation more and more ridiculous until the people realize they weren't being genuine.
