Let's continue speculating instead of reading any documentation. That's totally a productive use of everyone's time. https://www.torproject.org/projects/torbrowser/design/#new-identity https://www.torproject.org/projects/torbrowser/design/#identifier-linkability Thus spake Matthew Kaufman (mkfmncom@xxxxxxxxx): > Hi Joe, > > Great questions. I was also wondering how these claims on the New Identity > button works in this case. > > If it is the case, which it may be, this seems to or would seem to exceed > my expectations just as it may yours. > > > > On Monday, May 14, 2012, Joe Btfsplk wrote: > > > On 5/14/2012 1:56 PM, Mike Perry wrote: > > > >> The short answer is "Yes, we've looked into it. New Identity removes > >> evercookies." > >> > >> The long answer is > >> https://www.torproject.org/**projects/torbrowser/design/#**new-identity<https://www.torproject.org/projects/torbrowser/design/#new-identity>and > >> https://www.torproject.org/**projects/torbrowser/design/#** > >> identifier-linkability<https://www.torproject.org/projects/torbrowser/design/#identifier-linkability> > >> > >> The footnote is "Please help us test this shit in new releases. We just > >> had a race condition on the cache that allowed cache cookies to persist > >> for up to a minute after clicking New Identity (though they did go away > >> after that)." > >> https://trac.torproject.org/**projects/tor/ticket/3846<https://trac.torproject.org/projects/tor/ticket/3846> > >> https://trac.torproject.org/**projects/tor/ticket/5715<https://trac.torproject.org/projects/tor/ticket/5715> > >> > > How, pray tell, does clicking New Identity remove evercookies from 12 - 15 > > possible locations? The cache isn't the only place evercookies can be > > stored. How does it remove ANY cookies at all? Does that necessarily > > clear LSOs, clear different locations HTML5 data can be stored - like > > delete webappstore.sqlite - (even if you've not viewed HTML5 media, the > > cookies can still be place there), or all other known locations evercookies > > can be placed (so far)? I never heard or read that feature when using New > > Identity. Was I absent that day or were we waiting for just the right time > > for a big announcement? > > > >> > >> Thus spake Joe Btfsplk (joebtfsplk@xxxxxxx): > >> > >> The most recent versions of TBB& No Script's default settings under > >>> Advanced>External filters, is not to block hulu.com, .youtube.com. > >>> The content type (I think) refers to shockwave|futuresplash. How - > >>> OR IF - No Script's blocking ability of "evercookies" w/ its > >>> settings as it ships w/ TBB& sites like * Hulu * that (at least in > >>> recent past) were * confirmed * by several privacy investigation > >>> projects to be using evercookie / Kissmetrics.com tracking cookie > >>> technology. These cookies are NOT blocked by disabling all cookies > >>> / all 3rd party cookies in Firefox. Even if they were, TBB ships w/ > >>> allow all cookies enabled. > >>> > >>> One of the many ways / places (up to 12 - 15) that the js loaded > >>> evercookies can be placed is as an LSO / flash cookie. There are > >>> many other traditional& non traditional places these cookies are > >>> stored. AFAICT from reading research, these cookies CAN transmit > >>> data that could compromise Tor users' anonymity - as they certainly > >>> can in Firefox. They are also very difficult to del& "stay" > >>> deleted (thus, sometimes called Zombie cookies). Deleting cookies > >>> by "normal" means does NOT delete them. > >>> > >>> Numerous research reports that I've read say one of the only ways to > >>> block these is disable js for most sites (as in, using No Script), > >>> but that supposedly makes users more susceptible to fingerprinting, > >>> by only allowing certain sites to load js content. Yet Hulu was one > >>> of the worst offenders for using evercookies (I don't use Hulu, > >>> BTW), but is whitelisted in NoScript. > >>> > >>> Have Tor devs looked into THESE special types of cookies& if they > >>> potentially compromising anonymity or even increasing chances of > >>> fingerprinting, due to information they transmit about every site > >>> you visit? > >>> ______________________________**_________________ > >>> tor-talk mailing list > >>> tor-talk@xxxxxxxxxxxxxxxxxxxx > >>> https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk> > >>> > >> > >> > >> ______________________________**_________________ > >> tor-talk mailing list > >> tor-talk@xxxxxxxxxxxxxxxxxxxx > >> https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk> > >> > > ______________________________**_________________ > > tor-talk mailing list > > tor-talk@xxxxxxxxxxxxxxxxxxxx > > https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk> > > > _______________________________________________ > tor-talk mailing list > tor-talk@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk