[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Unique properties and realtime entry-exit check
Thanks for your answer, and I always do a complete "Clear Private Data"
in Firefox or Torpark before closing and switch to the other. Then no
cookies left over to the next. BTW, the question was more of a possible
collecting of identical data by both cookie-sessions.
Torpark is inside a own folder on my drive, the regular Firefox is in
it´s standard default installation folder.
On Thu, 6 Apr 2006 01:09:03 -0500, "Mike Perry" <mikepery@xxxxxxxxxx>
said:
> Thus spake Total Privacy (nosnoops@xxxxxxxxxxx):
>
> > Two hypothetical examples:
> >
> > 1.
> > I?m using the normal Firefox (without Tor) with cookies enabled
> > to log in on Yahoo email to make some stuff as my real identity.
> > Then I close the normal Firefox and start Torpark Firefox with
> > cookies enabled to log in on another Yahoo email to make some
> > stuff as an fake identity. Now the question is, are the cookies
> > capable to retrieve some unique information about my computer,
> > that later is comparable at Yahoo head quarter, to figure out
> > this two different Yahoo webmail accounts was actually runned
> > from one same computer?
>
> That depends on your profile directory.. If torpark and firefox are
> sharing the same profile, cookies will be shared. If they are sharing
> profiles, extensions probably will be shared also.
>
> An easy to check this without devling through arcane browser settings
> is to install a cookie monitoring extension. I really like Add N' Edit
> cookies myself. You can search for yahoo via each browser and make
> sure no cookies are cross-populating.
>
> > 2.
> > The same base as in the example 1 above, but with the difference
> > that no cookies enabled anywhere and the webmail account is at
> > Fastmail with complete https connection for everything. Now the
> > question is, are there some unique properties by my computer?s
> > https handling that appear the same on the Fastmail head quarter
> > to make sure the two webmail accounts was runned from the one
> > same computer?
>
> I think that unless you have installed a client certificate, there
> should be no identifying information in an SSL handshake. If you do
> have a client certificate installed (you will know if you do), I think
> the client only uses it if the server requests it.
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
--
http://www.fastmail.fm - A no graphics, no pop-ups email service