[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #5715 [TorBrowserButton]: TorBrowser not defending against evercookies despite of TorBrowserButton "New Identity"
#5715: TorBrowser not defending against evercookies despite of TorBrowserButton
"New Identity"
-------------------------------------+--------------------------------------
Reporter: guiseppe | Owner: mikeperry
Type: defect | Status: new
Priority: critical | Milestone:
Component: TorBrowserButton | Version:
Keywords: evercookie, linkability | Parent:
Points: | Actualpoints:
-------------------------------------+--------------------------------------
The TorBrowser is not defending against evercookies.
By pressing the TorBrowserButton "New Identity", the evercookies set by
samy.pl/evercookie seem to be cleared, but they are restorable.
This affects the following types of evercookies:
cacheData mechanism
etag mechanism
pngData mechanism
windowData mechanism
cookieData mechanism
That is a critical behavior because of linkability between different
TorBrowser sessions.
If the TorBrowser is completely closed and then reopened, the evercookies
seem to be really deleted according to Samy's testing page.
Please check this. Thanks!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5715>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs