[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
RE: Tracking with etags
- To: <or-talk@xxxxxxxxxxxxx>
- Subject: RE: Tracking with etags
- From: "Jay Monfort" <monfster@xxxxxxxxx>
- Date: Tue, 14 Feb 2006 10:53:54 -0800
- Delivered-to: archiver@seul.org
- Delivered-to: or-talk-outgoing@seul.org
- Delivered-to: or-talk@seul.org
- Delivery-date: Tue, 14 Feb 2006 13:54:05 -0500
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:from:to:subject:date:message-id:x-mailer:x-mimeole:thread-index:in-reply-to; b=N08Jlvb/vZjtI8rOOE6x2XJgjFBxzdponMGR3ZQQVq/hTLWEdpqbcy3quCUP1CUgvGZ27tmcNdZkBYA6SkWeTTPlldoKTN6UAZqP6tTBOA4Nm4zjQIhJiylZiqnbqmPkPmM79ESrJEoxAAe1yFxgzkGPcGztPc29w2f6BSHiIuU=
- In-reply-to: <cb7cfef80602140823u30b28212g@mail.gmail.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- Thread-index: AcYxgxBDA3wGz+d1S7qRAOCC3+OUWgAFOU7g
What's the difference between an etag and a cookie?
> -----Original Message-----
> From: owner-or-talk@xxxxxxxxxxxxx
> [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Adam Gleave
> Sent: Tuesday, February 14, 2006 8:24 AM
> To: or-talk@xxxxxxxx
> Cc: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Tracking with etags
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> First, sorry if this has been mentioned before. I've searched and
> haven't found any mention, but it seems too obvious to have not
> already been reported.
>
> Basically, client gets etag from server, client sends etag to server
> next time it connects, server can associate client.
>
> Might not sound significant, but if Gmail - for instance - gives
> people Etag's, they - and anyone listening in on the connection - can
> associate unanonnimized accounts with anonymized accounts.
>
> I tested this on tor + privoxy and it worked.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (OpenBSD)
>
> iQIVAwUBQ/IDmsLXg8DOh72JAQK94hAAhCS1r7b6R1xJa9QuGD2MNJLZbNPuZxbc
> 4d9R/5wV2Xa2/UDbGwjAoX2kZNsje9X+tLwIcprSp1sUavXnYZZZC2GJblvmc3j7
> UDAVo3Ge44U4GFTP03l86DPWD18d6PmkYkrdUkOJfCiaGDSnhlsOjvywFUqOIvDq
> cLuDrKXYn2XCu1wEG5BUPVKQSRdIvyK4lsIEGUlUgVCsp5H0ComeVIOANcNUxwrW
> GGnvh7X+6lzbpLAsb89QME3I8+2CcHhGjkbGr47R/eBcjU1zGKObbVS+4McYgJaY
> VL5hNnTUgst4a+m3mm6dPSm+n/MDurnXVq+AvWOf0YA6yjZO+ve6vUQsfrfujN2d
> 3p+4xj5cNWS1AMpF9/0lcSFwOr43hfOG4xePbdyXOppMeSTMDGf2ApuPvpjn4jKg
> nGhDqq4Ho2DZDnoMYhYtdeW6dB7QGxluChmC0Mflnaar1EBJyUrqppPfDPPK8OLG
> /8ZVgJo3qR+ruKGpfzC7pKP43Q8gMRUWu6YuPg92SIojgd2mJXfR2zlRQkgZeg71
> CO+use+wCeuFMw0ICA64dfwIJrl7EoAaNTTAaKgoy8Wiklh4y8jN3xclSPqv1QWv
> kKqTA5ZeTlzxZyM1lLHJ05ruBk1WUBQ7TKijEX67hrQrkBFPw3yB1clHbwLotVjV
> ls51uf4YtAM=
> =pvn0
> -----END PGP SIGNATURE-----