[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] google analytics says it can track across separate domains

Thus spake Joe Btfsplk (joebtfsplk@xxxxxxx):

> I think that those voicing a concern w/ these & TBB, were concerned
> w/ the trackers most difficult to stop.  Are you saying that *
> tracking scripts * are ALSO isolated per URL domain in the cache
> (see quote below)?  So that cross domain tracking isn't possible in
> TBB?  If that's not correct, then there's still a big problem for
> now.

This is correct. Any violations of this property are major bugs for us.

> >Tracking scripts are * correctly * isolated in the cache, however (which is
> >more important, as many tracking scripts*do*  embed unique identifiers
> >to get cached and used when the user clears cookies).
> When you speak of sandboxing:
> >Flash has tons of fingerprinting and proxybypass issues hidden in its binary blob. We
> >really need a full sandboxing technology to make it safe to uniformly enable.
> If running an app in something like Sandboxie, (maybe you mean a
> diff scenario), it is protecting the OS / machine from the APP.  It
> doesn't stop a browser (or, I assume, trackers; Flash) from
> connecting to the internet.  Maybe it would have value once the
> browser is closed, Flash proxy bypass has already occurred.  Unless
> you're talking about something else.

Yes, it would require a custom sandbox of our design. Current sandboxing
tech (Seatbealt, AppArmor, Seccomp, SELinux) may actually need some
additional hacking before they are sufficient for our needs for

Mike Perry

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list