[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #16089 [Tor Browser]: samy.pl evercookie on Tor 4.5.1 on highest security setting
#16089: samy.pl evercookie on Tor 4.5.1 on highest security setting
--------------------------+--------------------------
Reporter: teor | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: needs-triage | Actual Points:
Parent ID: | Points:
--------------------------+--------------------------
The evercookie code at http://samy.pl/evercookie/ is disabled when
JavaScript is disabled in Tor Browser 4.5.1.
However, when JavaScript is enabled, even on the highest security level,
the following evercookie methods allow websites to persist data:
cookieData mechanism: 414
localData mechanism: 414
sessionData mechanism: 414
windowData mechanism: 414
etagData mechanism: 414
cacheData mechanism: 414
This data persists when the page is refreshed, and when the browser tab or
window is closed.
However, when the browser is restarted, all persistent evercookie data is
cleared.
Is this the expected behavior?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16089>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs