[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites

To: Tor-Talk <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Mon, 14 May 2012 13:15:56 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 14 May 2012 14:16:14 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1

The most recent versions of TBB & No Script's default settings underAdvanced>External filters, is not to block hulu.com, .youtube.com. Thecontent type (I think) refers to shockwave|futuresplash. How - OR IF -No Script's blocking ability of "evercookies" w/ its settings as itships w/ TBB & sites like * Hulu * that (at least in recent past) were *confirmed * by several privacy investigation projects to be usingevercookie / Kissmetrics.com tracking cookie technology. These cookiesare NOT blocked by disabling all cookies / all 3rd party cookies inFirefox. Even if they were, TBB ships w/ allow all cookies enabled.

One of the many ways / places (up to 12 - 15) that the js loadedevercookies can be placed is as an LSO / flash cookie. There are manyother traditional & non traditional places these cookies are stored.AFAICT from reading research, these cookies CAN transmit data that couldcompromise Tor users' anonymity - as they certainly can in Firefox.They are also very difficult to del & "stay" deleted (thus, sometimescalled Zombie cookies). Deleting cookies by "normal" means does NOTdelete them.

Numerous research reports that I've read say one of the only ways toblock these is disable js for most sites (as in, using No Script), butthat supposedly makes users more susceptible to fingerprinting, by onlyallowing certain sites to load js content. Yet Hulu was one of theworst offenders for using evercookies (I don't use Hulu, BTW), but iswhitelisted in NoScript.

Have Tor devs looked into THESE special types of cookies & if theypotentially compromising anonymity or even increasing chances offingerprinting, due to information they transmit about every site you visit?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
  - From: Mike Perry
- Re: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
  - From: Praedor Tempus

Prev by Author: [tor-talk] any issue with TBB extensions auto updating?
Next by Author: Re: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
Previous by thread: Re: [tor-talk] any issue with TBB extensions auto updating?
Next by thread: Re: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
Index(es):
- Author
- Thread