[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Undeletable cookies



On Fri, 18 Feb 2011 04:39:39 -0800
Mike Perry <mikeperry@xxxxxxxxxx> wrote:

> Thus spake Irratar (irratar77@xxxxxxxxx):
> 
> > Hello.
> > 
> > I have just found a site that can recognize me when I re-accessed it
> > after I deleted all private data, toggled Torbutton and restarted Tor.
> > 
> > http://samy.pl/evercookie/
> 
> This is news to me. Are you using the default Torbutton settings? When
> we tested this in the past, Torbutton was protecting against it. I
> also just tested it now, and it did not recover my cookie.
> 
> Perhaps one of your other addons betrayed you? Did you enable plugins?
> Or perhaps you have a misconfigured polipo storing these cookies in
> its cache?
> 
> The Tor Browser Bundles are a good way to ensure you have a properly
> configured, vanilla Tor setup.
> 
> > Of course, it isn't a Tor problem, but I think it's better to know for
> > these who are interested in privacy. many sites may use the same
> > technology stealthy. I will try to discover more about how does it
> > keep my private information. So far this site seems to forgets me when
> > I disable JavaScript, but maybe it just can't display the proper
> > number.
> 
> Actually, web application layer privacy attacks *are* a Tor issue. We
> try very hard to protect against them:
> https://www.torproject.org/torbutton/en/design/#adversary
> 

I think this is the result of #1968.
https://trac.torproject.org/projects/tor/ticket/1968

Attachment: signature.asc
Description: PGP signature