[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] google analytics says it can track across separate domains
On 5/19/2012 3:16 PM, Mike Perry wrote:
Thanks. Then thinking about the cross domain tracking ability of web
beacons (or that they could) must have changed since this was last
discussed. At that time, as memory serves, regarding beacons in general
& idea of using Ghostery or something similar in function, it was said
to be a non issue for Tor users.:-)
Thus spake Mike Perry (mikeperry@xxxxxxxxxxxxxx):
Thus spake Joe Btfsplk (joebtfsplk@xxxxxxx):
A few months ago, someone raised the question of TBB or any included
addon not blocking web beacons / trackers and perhaps something like
Ghostery should be included in TBB (I think). I asked about beacons
(web bugs) compromising anonymity (not to mention privacy). Can't
find the post, but I believe either Mike or Roger replied that it
shouldn't be an issue because web beacons, like Google Analytics,
can't track from site to site. Hope I've got the essence of the
Yes, that is correct. We consider the ability to link user activity
across different url bar domains a violation of our design requirements
any ability to do so is a major bug.
Unfortunately, there are a couple such bugs we're already currently
We'll fix them, eventually. Help is always appreciated, though.
Oh, I should also mention
as the laundry list of linkability mechanisms we've already at least
The design document draft, dated Dec 28, 2011 doesn't seem to mention
web beacons. Other than in a non specific way, the document doesn't
seem to address how to handle them. They aren't cookies, so don't fall
under cookie control (in current or future browser designs). Yet, they
can track across domains. A lot of users (Tor & non Tor) don't
understand this nor are even aware of them.
Presumably, as they are loaded w/ pages, even w/ disk cache turned off,
they can still be stored in memory cache & still track users, unless
memory cache is disabled. True?
Is there a reason that using Ghostery, or similar technology, couldn't
or shouldn't be used until / if a design change in Tor / TBB prevents
web beacons from being loaded w/ pages?
Perhaps the downside of using an addon like Ghostery out weighs the
benefits for TBB users? I'm not married to it, but haven't seen many
other similar solutions for beacons. Disable ALL image loading...
It does have options not to auto update blocking elements, if updating
during * critical * Tor sessions was an issue. Other than that, I'm not
an expert. I think the concept of web beacons is extremely deceitful
for any browser & should under consideration by Congress to be banned,
as are evercookies. In the mean time... what about looking into
Ghostery, etc., at least w/ suggested settings until something better is
devised by Tor Project?
Re: Flash LSO cookies in Windows. The Dec 28, 2011 design document
If you can't get Flash to use a settings file - for now - maybe next
best thing is education. I'm thinking there should be a prominent file
in TBB, containing a number of IMPORTANT changes that users should make;
name it something like "you better make these changes or you may
die.html," that opens w/ a new browser install. The storage settings
for Flash are fairly straight forward, w/ a little explanation, even
though users must go to Adobe's site to change them (tricky, huh?).
Even I could write / "borrow" instructions on how to change settings in
Windows Flash manager, for better privacy. Cookies & disk storage can
be prevented totally, but if you del the "settings" cookie, all Flash
settings revert to default.
*...Implementation Status:* We are currently having difficulties
<https://trac.torproject.org/projects/tor/ticket/3974> causing Flash
player to use this settings file on Windows, so Flash remains
difficult to enable.
tor-talk mailing list