On 31/07/10 02:43, andrew@xxxxxxxxxxxxxx wrote:
I had not read this article before but I had read EPIC's analysis of flash cookies: http://epic.org/privacy/cookies/flash.htmlOn Fri, Jul 30, 2010 at 11:27:27PM +0100, pumpkin@xxxxxxxxx wrote 1.5K bytes in 29 lines about:OK, to continue this - in the past I did use Tor with Flash enabled after having Flash cookies on the hard drive from surfing when I was not using Tor. In your opinion, is it likely that some websites would use these Flash cookies to realise that the person surfing with Tor is the same person who was surfing days / weeks / months earlier when not using Tor? Would they then be able to connect non-Tor IPs to the person currently using Tor (me)?Yes. http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
I had also read the scholarly article here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
None of these three articles mention IP addresses. Am I to assume that it is a given that the flash component of Gmail will automatically grab the IP address (when connecting in a non-Tor state) and then connect that IP to the IP addresses that connected in a Tor state through the flash cookie (providing flash is on when connecting in a Tor state).
In other words do you think IP addresses are not mentioned in these articles because a) it is taken as a given that the flash cookie is used to determine the "real" IP or b) because it is not actually guaranteed that IP addresses will be connected through flash cookies?
*********************************************************************** To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/