[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10400 [TorBrowserButton]: Provide "New Identity" option that uses session restore



#10400: Provide "New Identity" option that uses session restore
----------------------------------+---------------------------------------
     Reporter:  mikeperry         |      Owner:  mikeperry
         Type:  enhancement       |     Status:  new
     Priority:  major             |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability, tbb-newnym
Actual Points:                    |  Parent ID:
       Points:                    |
----------------------------------+---------------------------------------

Comment (by cypherpunks):

 Replying to [comment:7 mikeperry]:
 > In theory, adversaries could encode identifiers in the first party urls
 stored in the session store.

 "In theory"? It's very common to put user identifiers in URLs (session IDs
 a la PHPSESSIONID, user names, user ids etc.).

 Restoring these after "new identity" would immediately link the old
 session/identity to the new one.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10400#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs