On Fri, 18 Feb 2011 04:39:39 -0800 Mike Perry <mikeperry@xxxxxxxxxx> wrote: > Thus spake Irratar (irratar77@xxxxxxxxx): > > > Hello. > > > > I have just found a site that can recognize me when I re-accessed it > > after I deleted all private data, toggled Torbutton and restarted Tor. > > > > http://samy.pl/evercookie/ > > This is news to me. Are you using the default Torbutton settings? When > we tested this in the past, Torbutton was protecting against it. I > also just tested it now, and it did not recover my cookie. > > Perhaps one of your other addons betrayed you? Did you enable plugins? > Or perhaps you have a misconfigured polipo storing these cookies in > its cache? > > The Tor Browser Bundles are a good way to ensure you have a properly > configured, vanilla Tor setup. > > > Of course, it isn't a Tor problem, but I think it's better to know for > > these who are interested in privacy. many sites may use the same > > technology stealthy. I will try to discover more about how does it > > keep my private information. So far this site seems to forgets me when > > I disable JavaScript, but maybe it just can't display the proper > > number. > > Actually, web application layer privacy attacks *are* a Tor issue. We > try very hard to protect against them: > https://www.torproject.org/torbutton/en/design/#adversary > I think this is the result of #1968. https://trac.torproject.org/projects/tor/ticket/1968
Attachment:
signature.asc
Description: PGP signature