[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Flash Cookies and Tor.



 On 31/07/10 02:43, andrew@xxxxxxxxxxxxxx wrote:
On Fri, Jul 30, 2010 at 11:27:27PM +0100, pumpkin@xxxxxxxxx wrote 1.5K bytes in 29 lines about:
OK, to continue this - in the past I did use Tor with Flash enabled after
having Flash cookies on the hard drive from surfing when I was not using
Tor.  In your opinion, is it likely that some websites would use these
Flash cookies to realise that the person surfing with Tor is the same
person who was surfing days / weeks / months earlier when not using Tor?
Would they then be able to connect non-Tor IPs to the person currently
using Tor (me)?
Yes.
http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide

I had not read this article before but I had read EPIC's analysis of flash cookies: http://epic.org/privacy/cookies/flash.html

I had also read the scholarly article here: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862

None of these three articles mention IP addresses. Am I to assume that it is a given that the flash component of Gmail will automatically grab the IP address (when connecting in a non-Tor state) and then connect that IP to the IP addresses that connected in a Tor state through the flash cookie (providing flash is on when connecting in a Tor state).

In other words do you think IP addresses are not mentioned in these articles because a) it is taken as a given that the flash cookie is used to determine the "real" IP or b) because it is not actually guaranteed that IP addresses will be connected through flash cookies?


***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/