[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Unique properties and realtime entry-exit check



Thanks for your answer, and I always do a complete "Clear Private Data" 
in Firefox or Torpark before closing and switch to the other. Then no 
cookies left over to the next. BTW, the question was more of a possible 
collecting of identical data by both cookie-sessions. 

Torpark is inside a own folder on my drive, the regular Firefox is in 
it´s standard default installation folder. 



On Thu, 6 Apr 2006 01:09:03 -0500, "Mike Perry" <mikepery@xxxxxxxxxx>
said:
> Thus spake Total Privacy (nosnoops@xxxxxxxxxxx):
> 
> > Two hypothetical examples: 
> > 
> > 1. 
> > I?m using the normal Firefox (without Tor) with cookies enabled 
> > to log in on Yahoo email to make some stuff as my real identity. 
> > Then I close the normal Firefox and start Torpark Firefox with 
> > cookies enabled to log in on another Yahoo email to make some 
> > stuff as an fake identity. Now the question is, are the cookies 
> > capable to retrieve some unique information about my computer, 
> > that later is comparable at Yahoo head quarter, to figure out 
> > this two different Yahoo webmail accounts was actually runned 
> > from one same computer? 
> 
> That depends on your profile directory.. If torpark and firefox are
> sharing the same profile, cookies will be shared. If they are sharing
> profiles, extensions probably will be shared also. 
> 
> An easy to check this without devling through arcane browser settings
> is to install a cookie monitoring extension. I really like Add N' Edit
> cookies myself. You can search for yahoo via each browser and make
> sure no cookies are cross-populating.
> 
> > 2. 
> > The same base as in the example 1 above, but with the difference 
> > that no cookies enabled anywhere and the webmail account is at 
> > Fastmail with complete https connection for everything. Now the 
> > question is, are there some unique properties by my computer?s 
> > https handling that appear the same on the Fastmail head quarter 
> > to make sure the two webmail accounts was runned from the one 
> > same computer? 
> 
> I think that unless you have installed a client certificate, there
> should be no identifying information in an SSL handshake. If you do
> have a client certificate installed (you will know if you do), I think
> the client only uses it if the server requests it.
> 
> -- 
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs

-- 
http://www.fastmail.fm - A no graphics, no pop-ups email service