[tor-bugs] Re: #1579 [Tor-Torbutton]: ETag and If-None-Match header can link multiple requests to the same page

["Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>]

#1579: ETag and If-None-Match header can link multiple requests to the same page
----------------------------+-----------------------------------------------
  Reporter:  bee            |       Owner:  mikeperry
      Type:  enhancement    |      Status:  closed   
  Priority:  minor          |   Milestone:           
 Component:  Tor-Torbutton  |     Version:           
Resolution:  duplicate      |    Keywords:           
    Parent:                 |  
----------------------------+-----------------------------------------------
Changes (by mikeperry):

  * status:  assigned => closed
  * resolution:  => duplicate
  * type:  defect => enhancement
  * priority:  blocker => minor


Comment:

 Dear Bee,

 You continue to demonstrate your unhelpful behaviour, illustrating and
 archiving for all the world to see why the Tor Project has decided that it
 is utterly impossible to collaborate with you.

 We've explicitly stated numerous times that it is important to communicate
 your ideas effectively if you want people to take you seriously. Again,
 this has nothing to do with exclamation points, and has everything to do
 with treating people with respect, forming complete thoughts, and actually
 *explaining* what you're doing. So far, you've done nothing but
 incoherently insult our work from the very beginning, despite your
 "FactorBee" software using many components the Tor Project has produced.
 Your patches and ideas do not come with explanation, reasoning or
 comments, and instead are laced with insults and ego bravado.

 You get one small point for finally successfully using our bugtracker
 (though obviously only to promote your own ego), but you lose several
 dozen points for not explaining your "exploit". If you had actually
 bothered to explain it, perhaps someone would have instantly told you that
 it has been addressed by TorButton for the past 3 years. See:

 https://www.torproject.org/torbutton/design/#attacks
 https://www.torproject.org/torbutton/design/#id2979312

 and the first public demonstration of the cache exploit attack:
 http://crypto.stanford.edu/sameorigin/safecachetest.html

 Your attack is no different than setting a cookie as far as Torbutton is
 concerned. In fact, setting a cookie is actually more effective against
 most of our users, because most of our users probably actually keep their
 Tor cookies on disk in Torbutton's "cookie jar". However, Torbutton has no
 option to persist cache data beyond a quick toggle of the button.

 Toggling the Torbutton quickly resets the visit count on your exploit page
 to 0. Try it.

 At best, this issue is a dup of Ticket #523, where I mention that if we
 implement a "New Identity Button", we should provide the option to have it
 run on a timer, expiring cookies, cache, and other tracking info every few
 hours, if the browser is idle.

 If you recall, I actually showed you this ticket before in a previous non-
 conversation...

 You continue to be a net drain on the Tor Project and its limited
 resources, despite any useful code or ideas you might occasionally
 produce. It's really a shame, because you do occasionally produce some
 useful ideas. You just make dealing with you so difficult that it is not
 worth using your work directly.

 Please fix yourself, or go away.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1579#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online