[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Re[2]: Unique properties and realtime entry-exit check



Unless a site exploits a security flaw in firefox to generate cookies based on hardware, or has a nasty Java applet or activex script, then cookies can't be used to track you if you clear them often.

On 4/16/06, Arrakistor <arrakistor@xxxxxxxxx> wrote:
Hello Mike,

Regarding  the cookies, in that perspective, I do not know. If cookies
can  be  generated  by unique hardware, and be reliably regenerated by
the  same  algorithm,  and  cookies actually having access to anything
that  could make such data, I really do not know. But assuming all the
prior  was possible, then yes, cookies could probably distinguish your
hardware as a unique identifier.

Torpark  1.5.0.2b  available  in  a few hours. Blows away all previous
versions.

ST



Monday, April 17, 2006, 9:35:16 AM, you wrote:

> Thanks for your answer, and I always do a complete "Clear Private Data"
> in Firefox or Torpark before closing and switch to the other. Then no
> cookies left over to the next. BTW, the question was more of a possible
> collecting of identical data by both cookie-sessions.

> Torpark is inside a own folder on my drive, the regular Firefox is in
> it´s standard default installation folder.



> On Thu, 6 Apr 2006 01:09:03 -0500, "Mike Perry" < mikepery@xxxxxxxxxx>
> said:
>> Thus spake Total Privacy (nosnoops@xxxxxxxxxxx):
>>
>> > Two hypothetical examples:
>> >
>> > 1.
>> > I?m using the normal Firefox (without Tor) with cookies enabled
>> > to log in on Yahoo email to make some stuff as my real identity.
>> > Then I close the normal Firefox and start Torpark Firefox with
>> > cookies enabled to log in on another Yahoo email to make some
>> > stuff as an fake identity. Now the question is, are the cookies
>> > capable to retrieve some unique information about my computer,
>> > that later is comparable at Yahoo head quarter, to figure out
>> > this two different Yahoo webmail accounts was actually runned
>> > from one same computer?
>>
>> That depends on your profile directory.. If torpark and firefox are
>> sharing the same profile, cookies will be shared. If they are sharing
>> profiles, extensions probably will be shared also.
>>
>> An easy to check this without devling through arcane browser settings
>> is to install a cookie monitoring extension. I really like Add N' Edit
>> cookies myself. You can search for yahoo via each browser and make
>> sure no cookies are cross-populating.
>>
>> > 2.
>> > The same base as in the example 1 above, but with the difference
>> > that no cookies enabled anywhere and the webmail account is at
>> > Fastmail with complete https connection for everything. Now the
>> > question is, are there some unique properties by my computer?s
>> > https handling that appear the same on the Fastmail head quarter
>> > to make sure the two webmail accounts was runned from the one
>> > same computer?
>>
>> I think that unless you have installed a client certificate, there
>> should be no identifying information in an SSL handshake. If you do
>> have a client certificate installed (you will know if you do), I think
>> the client only uses it if the server requests it.
>>
>> --
>> Mike Perry
>> Mad Computer Scientist
>> fscked.org evil labs




--
Best regards,
Arrakistor                            mailto:arrakistor@xxxxxxxxx