On 23/08/11 16:23, Mike Perry wrote: >> If you read the article, you'll see that clearing the cache on toggle >> isn't enough. The cache should be completely disabled. If not, you could >> visit sitea.com, then visit siteb.com, and they could easily figure out >> that you're the same person. Even if you're coming from a different Tor >> exit node, even if you clear cookies inbetween. That is unless you have >> the patience to only visit one site at a time, and toggle off/on between >> each different site visit. > > Did I mention I don't like the toggle model? I thought I did :) > > I guess you could also argue that "New Identity" is a toggle-ish > solution. > > For the general TBB solution, see: > https://trac.torproject.org/projects/tor/ticket/3508 > > It is in 1.4.0. Neat. I was unaware of the SafeCache addon. > As I said in the blog posts, I intend to isolate all browser state to > urlbar domain, and/or disable whatever features aren't amenable to > this. So far this means that 3rd party cookies must be disabled and DOM > storage must be disabled. > > HTTP auth can be isolated similarly to cache. See: > https://trac.torproject.org/projects/tor/ticket/3748 Would be great if you achieved that. > SSL certificates are not isolated. They might never be. The SSL stack > is a nightmare. That's a shame. I'm seeing more and more sites enabling https. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk