[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #16089 [Tor Browser]: samy.pl evercookie on Tor 4.5.1 on highest security setting



#16089: samy.pl evercookie on Tor 4.5.1 on highest security setting
--------------------------+--------------------------
 Reporter:  teor          |          Owner:  tbb-team
     Type:  defect        |         Status:  new
 Priority:  normal        |      Milestone:
Component:  Tor Browser   |        Version:
 Keywords:  needs-triage  |  Actual Points:
Parent ID:                |         Points:
--------------------------+--------------------------
 The evercookie code at http://samy.pl/evercookie/ is disabled when
 JavaScript is disabled in Tor Browser 4.5.1.

 However, when JavaScript is enabled, even on the highest security level,
 the following evercookie methods allow websites to persist data:

   cookieData mechanism: 414
   localData mechanism: 414
   sessionData mechanism: 414
   windowData mechanism: 414
   etagData mechanism: 414
   cacheData mechanism: 414

 This data persists when the page is refreshed, and when the browser tab or
 window is closed.

 However, when the browser is restarted, all persistent evercookie data is
 cleared.

 Is this the expected behavior?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16089>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs