Thus spake Michael_google gmail_Gersten (keybounce@xxxxxxxxx):

> I think that's the real issue I have with cookies. The idea that a
> cookie can be "permanent" without my approval. I have no problem with
> login cookies. I have every problem with third party cookies being
> accepted at all (the only place where IE is better than firefox --
> those can be disabled in IE). I hate "visitor tracking" cookies that
> seem to get stuffed out by every website hoster now-a-days.

So what does this mean to you with respect to cookie clearing? Should a
newnym signal always clear cookies? Should it sometimes clear cookies?
Should its behavior be tied to an existing torbutton cookie preference?

I'm still of the mind it's kind of silly to put it in torbutton if it
doesn't clear cache+cookies...

> Now, how do httpS: streams get their cookies stolen or modified?

http://seclists.org/bugtraq/2007/Aug/0070.html

Gmail and many other sites are still vulnerable.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs