[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
The most recent versions of TBB & No Script's default settings under
Advanced>External filters, is not to block hulu.com, .youtube.com. The
content type (I think) refers to shockwave|futuresplash. How - OR IF -
No Script's blocking ability of "evercookies" w/ its settings as it
ships w/ TBB & sites like * Hulu * that (at least in recent past) were *
confirmed * by several privacy investigation projects to be using
evercookie / Kissmetrics.com tracking cookie technology. These cookies
are NOT blocked by disabling all cookies / all 3rd party cookies in
Firefox. Even if they were, TBB ships w/ allow all cookies enabled.
One of the many ways / places (up to 12 - 15) that the js loaded
evercookies can be placed is as an LSO / flash cookie. There are many
other traditional & non traditional places these cookies are stored.
AFAICT from reading research, these cookies CAN transmit data that could
compromise Tor users' anonymity - as they certainly can in Firefox.
They are also very difficult to del & "stay" deleted (thus, sometimes
called Zombie cookies). Deleting cookies by "normal" means does NOT
delete them.
Numerous research reports that I've read say one of the only ways to
block these is disable js for most sites (as in, using No Script), but
that supposedly makes users more susceptible to fingerprinting, by only
allowing certain sites to load js content. Yet Hulu was one of the
worst offenders for using evercookies (I don't use Hulu, BTW), but is
whitelisted in NoScript.
Have Tor devs looked into THESE special types of cookies & if they
potentially compromising anonymity or even increasing chances of
fingerprinting, due to information they transmit about every site you visit?
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk