[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Undeletable cookies



Thus spake Irratar (irratar77@xxxxxxxxx):

> Hello.
> 
> I have just found a site that can recognize me when I re-accessed it
> after I deleted all private data, toggled Torbutton and restarted Tor.
> 
> http://samy.pl/evercookie/

This is news to me. Are you using the default Torbutton settings? When
we tested this in the past, Torbutton was protecting against it. I
also just tested it now, and it did not recover my cookie.

Perhaps one of your other addons betrayed you? Did you enable plugins?
Or perhaps you have a misconfigured polipo storing these cookies in
its cache?

The Tor Browser Bundles are a good way to ensure you have a properly
configured, vanilla Tor setup.

> Of course, it isn't a Tor problem, but I think it's better to know for
> these who are interested in privacy. many sites may use the same
> technology stealthy. I will try to discover more about how does it
> keep my private information. So far this site seems to forgets me when
> I disable JavaScript, but maybe it just can't display the proper
> number.

Actually, web application layer privacy attacks *are* a Tor issue. We
try very hard to protect against them:
https://www.torproject.org/torbutton/en/design/#adversary

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpFHOGzBsWML.pgp
Description: PGP signature