[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox through Tor

Thus spake Michael Holstein (michael.holstein@xxxxxxxxxxx):

> >So the problem is that a motivated adversary can subpoena or simply
> >ask DoubleClick to hand over their IP/cookie logs. If you are using
> >Tor for /everything/, then what they get from DoubleClick for that
> >email address is just a Tor IP, no harm no foul. However, if the user
> >had set up a filter that only sends *yahoo.com through Tor, then
> >DoubleClick will have their /real IP/ on file in association with
> >whatever unique ID yahoo passed for that email address, even though
> >yahoo's records show only the Tor IP.
> Swichproxy (as well as CTRL+SHIFT+DEL) in Firefox will clear all cookies.
> Anytime you switch between TOR/Direct you should close down to all but 
> one blank window, clear cookies/cache one way or another, and *then* 
> proceed.

Just clearing cookies every time there is a switch is not enough if
there is an automatic Tor filter in place.

The problem is that yahoo can custom-generate its links to DoubleClick
so they encode your email address (dunno if they do do this, but I'm
sure some sites and ad parters do). Therefore identifiying information
is sent independent of the cookie.

Mike Perry
Mad Computer Scientist
fscked.org evil labs