[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton 1.1.8-alpha (Usability improvements)

Thus spake Michael_google gmail_Gersten (keybounce@xxxxxxxxx):

> I think that's the real issue I have with cookies. The idea that a
> cookie can be "permanent" without my approval. I have no problem with
> login cookies. I have every problem with third party cookies being
> accepted at all (the only place where IE is better than firefox --
> those can be disabled in IE). I hate "visitor tracking" cookies that
> seem to get stuffed out by every website hoster now-a-days.

So what does this mean to you with respect to cookie clearing? Should
a newnym signal always clear cookies? Should it sometimes clear
cookies? Should its behavior be tied to an existing torbutton cookie
preference? I'm still of the mind it's kind of silly to put it in
torbutton if it doesn't clear cache+cookies...
> Now, how do httpS: streams get their cookies stolen or modified?


Gmail and many other sites are still vulnerable.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpMeSlUEvvwq.pgp
Description: PGP signature