[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites



On 5/14/2012 1:58 PM, Praedor Tempus wrote:
OK, this sort of thing has me wondering if the only way to safely use tor is in a virtual machine. Would this not seem to be the case? Who cares if Hulu or Youtube gets your IP address if it is a bogus VM IP address rather than your real one? They get to see either your tor IP or the IP of your VM and nothing else.

Perhaps tor should move to a tor browser VM instead of just an app?
I think one of the issue (may) be that even though evercookies wouldn't see you "real" IP address, they would be able to track you across multiple websites, incl. all URLs, pages / links you click on, what you d/l, etc. They are able to transmit that data back to the mother ship. I'll leave it to Tor "experts" EXACTLY how that could be used by either the companies gathering the info, the sites (where the evercookie was set) that were paying them to gather data, or adversaries trying to fingerprint Tor users (if that's possible using evercookie data).

I would think - certainly in countries hostile to Tor (or ones that aren't) - they could set up fake websites in order to set evercookies just for tracking purposes. That might or might not lead them directly to a person (again, experts can weigh in), but it would give them info on how many users are accessing certain sites & what they're looking at. There may be other things I haven't thought of.

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk