[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5715 [TorBrowserButton]: TorBrowser not defending against evercookies despite of TorBrowserButton "New Identity"



#5715: TorBrowser not defending against evercookies despite of TorBrowserButton
"New Identity"
-------------------------------------+--------------------------------------
 Reporter:  guiseppe                 |          Owner:  mikeperry
     Type:  defect                   |         Status:  new      
 Priority:  critical                 |      Milestone:           
Component:  TorBrowserButton         |        Version:           
 Keywords:  evercookie, linkability  |         Parent:           
   Points:                           |   Actualpoints:           
-------------------------------------+--------------------------------------
 The TorBrowser is not defending against evercookies.

 By pressing the TorBrowserButton "New Identity", the evercookies set by
 samy.pl/evercookie seem to be cleared, but they are restorable.

 This affects the following types of evercookies:

 cacheData mechanism
 etag mechanism
 pngData mechanism
 windowData mechanism
 cookieData mechanism

 That is a critical behavior because of linkability between different
 TorBrowser sessions.

 If the TorBrowser is completely closed and then reopened, the evercookies
 seem to be really deleted according to Samy's testing page.

 Please check this. Thanks!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5715>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs