Scott Arciszewski transcribed 0.9K bytes: > > Somebody told me of tlk.io. I have joined. I closed the window and when > > I was back I already had all settings as last time. I cleared the > > cookies and went back. I was like logged in, without ever logging in. I > > closed the window, cleaned up everything the delete all data can remove > > and 15 minutes after I reentered. I was still registered. New identity > > had no effect either. I had to close down Tor and start it again to lose > > the whatever that keeps identifying me. > > > > What is this? How do they do it? Are there other sites like that? Many sites use HTML5 canvas fingerprinting. Visiting either https://github.com/isislovecruft or https://pad.riseup.net/p/Lb57JrCmVzBt should trigger that little dialogue about "accessing the canvas" in TorBrowser too. > I'm using the latest version of the Tor Browser Bundle. It gives me this > prompt: http://imgur.com/ZGqzK4Z Can I ask you a question? When this dialogue (the http://imgur.com/ZGqzK4Z one) comes up, what do you usually do? Do you click the "Allow in the Future" button? Or click the little "X" in the corner? Or something else? > http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block > ^- possibly related TorBrowser is patched to block attempts by websites to access HTML5 canvases, since there isn't much legitimate purpose for a site to do this, other than to track you as that article you linked points out. However, if you've already clicked the "Allow in the Future" button on the little dialogue that comes down from the URL bar when a site attempts to do this, there isn't currently an easy way to revoke the permission you gave. [0] Additionally, there appears to be an issue in nsIPermissionManager (used by TorButton when "New Identity" is clicked), because the permissions currently aren't being cleared properly. [1] For now, my best advice is to be very careful allowing any site to access HTML5 canvases until we make it easier to revoke the permission. (In other words, click the little "X" next time. :) ) [0]: https://bugs.torproject.org/12682 [1]: https://bugs.torproject.org/12683 -- ââ isis agora lovecruft _________________________________________________________ GPG: 4096R/A3ADB67A2CDB8B35 Current Keys: https://blog.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk