Thus spake 7v5w7go9ub0o (7v5w7go9ub0o@xxxxxxxxx): > >> After all, in normal operation, your history leaks one fuckload of > >> a lot of bits. And that's a technical term. Sensitive ones too, > >> like what diseases and genetic conditions you may have (via Google > >> Health url history, or Wikipedia url history). It's pretty annoying > >> that the browser makers really have no plan to do anything about > >> that massive privacy leak. > > > > isn't there any way to protect against that without using > > Tor/Torbutton? i think there was a SafeHistory add-on, but it's still > > not been ported to FF 3.0+. > > IIUC, SafeHistory (with other stuff) has been incorporated into Torbutton. That's not 100% correct. A superset of SafeHistory and SafeCache's protections are in Torbutton in that Torbutton does not allow ANY visited links to be displayed as visited and it clears the cache on every toggle, and by default allows only memory caching. However, SafeHistory and SafeCache were more intelligent in how they operated for normal browsing. They used "same origin policy" rules (http://en.wikipedia.org/wiki/Same_origin_policy) for deciding when to display links as visited and when to allow caching for certain page elements. The idea was to prevent elements from doubleclick.net and other randomly sourced domains from determining arbitrarily which sites you visited, and from storing cross-domain unique identifiers (of course now there's DOM storage for that...). The reason why Torbutton didn't opt for the same origin policy method is because Tor exit nodes can impersonate any non-https origin they choose, and query your history or store global cache identifiers that way. It was basically all or nothing for us. But yes, it would be nice if Colin Jackson and company kept SafeHistory and SafeCache updated for regular users. Sadly they seem to have forgotten about it. I wonder if anyone will make a fork and update it. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpjyrJkiH21T.pgp
Description: PGP signature