Hi, James Marshall: > Thanks for the link to TBB's design document-- very useful. I haven't read > it all, but I'm looking at section 2.2, "Privacy Requirements": > > 1) "Cross-Origin Identifier Unlinkability"-- so do sites with CORS or > Content-Security-Policy: not work through Tor? CGIProxy supports CSP but > not CORS yet; I could add a flag to disable those two technologies. they are working. In a privacy-preserving way. See: https://www.torproject.org/projects/torbrowser/design/#identifier-linkability for a more in-depth explanation what is meant by this and for the state of the implementation + what is missing. (You might want to look at section 4.6 as well as identifiers are not the only issue here.) Georg
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk