[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox through Tor

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Firefox through Tor
From: Mike Perry <mikepery@xxxxxxxxxx>
Date: Thu, 27 Apr 2006 14:20:18 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Thu, 27 Apr 2006 14:16:16 -0400
In-reply-to: <20060427131420.41772.qmail@web30810.mail.mud.yahoo.com>
References: <20060427070201.GC20502@fscked.org> <20060427131420.41772.qmail@web30810.mail.mud.yahoo.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.1i

Thus spake eric.jung@xxxxxxxxx (eric.jung@xxxxxxxxx):

> >Unique
> >identifiers can be handed to the ad sites that will associate the
> >torrified email account access with the non-torrified ad server
> >access.
> 
> True, but I don't see how this is a result of FoxyProxy. IOW, doesn't
> this problem exist when using Tor exclusively without FoxyProxy?
>
> >Does XPCOM allow you to solve this problem somehow?
> 
> I'm not sure I fully understand the problem yet (please elaborate),

So the problem is that a motivated adversary can subpoena or simply
ask DoubleClick to hand over their IP/cookie logs. If you are using
Tor for /everything/, then what they get from DoubleClick for that
email address is just a Tor IP, no harm no foul. However, if the user
had set up a filter that only sends *yahoo.com through Tor, then
DoubleClick will have their /real IP/ on file in association with
whatever unique ID yahoo passed for that email address, even though
yahoo's records show only the Tor IP.

See the problem?

> but if you're asking whether XPCOM allows one to use a proxy on/off
> based on a page and all its components (images, css files, js files), the
> answer is yes.

Yes, excellent. That is the property that is needed. If you use that
level of control, you are fine.

Incidentally, the problem above can happen with ftp://, gopher:// and
whatever other protocol the browser might accept, so make sure you are
updating all proxy settings for each page.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Follow-Ups:
- Re: Firefox through Tor
  - From: Michael Holstein
- Re: Firefox through Tor
  - From: Mike Perry

References:
- Re: Firefox through Tor
  - From: Mike Perry
- Re: Firefox through Tor
  - From: eric.jung

Prev by Author: Re: Firefox through Tor
Next by Author: Re: Firefox through Tor
Previous by thread: Re: Firefox through Tor
Next by thread: Re: Firefox through Tor
Index(es):
- Author
- Thread