[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox through Tor



And what's more ...

If you've ever signed into your Yahoo account *even once* from a Non-TOR IP address (including to sign up for it), it shouldn't be trusted. They could just see what IP's you've ever touched a Yahoo site from while authenticated, and 'fgrep -v toriplist'.

Likewise for anywhere else that gathers cookies.

~Mike.

Michael Holstein wrote:
So the problem is that a motivated adversary can subpoena or simply
ask DoubleClick to hand over their IP/cookie logs. If you are using
Tor for /everything/, then what they get from DoubleClick for that
email address is just a Tor IP, no harm no foul. However, if the user
had set up a filter that only sends *yahoo.com through Tor, then
DoubleClick will have their /real IP/ on file in association with
whatever unique ID yahoo passed for that email address, even though
yahoo's records show only the Tor IP.


Swichproxy (as well as CTRL+SHIFT+DEL) in Firefox will clear all cookies.

Anytime you switch between TOR/Direct you should close down to all but one blank window, clear cookies/cache one way or another, and *then* proceed.

/mike.