[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re[2]: Unique properties and realtime entry-exit check



Hello Mike,

Regarding  the cookies, in that perspective, I do not know. If cookies
can  be  generated  by unique hardware, and be reliably regenerated by
the  same  algorithm,  and  cookies actually having access to anything
that  could make such data, I really do not know. But assuming all the
prior  was possible, then yes, cookies could probably distinguish your
hardware as a unique identifier.

Torpark  1.5.0.2b  available  in  a few hours. Blows away all previous
versions.

ST



Monday, April 17, 2006, 9:35:16 AM, you wrote:

> Thanks for your answer, and I always do a complete "Clear Private Data"
> in Firefox or Torpark before closing and switch to the other. Then no
> cookies left over to the next. BTW, the question was more of a possible
> collecting of identical data by both cookie-sessions. 

> Torpark is inside a own folder on my drive, the regular Firefox is in
> it´s standard default installation folder. 



> On Thu, 6 Apr 2006 01:09:03 -0500, "Mike Perry" <mikepery@xxxxxxxxxx>
> said:
>> Thus spake Total Privacy (nosnoops@xxxxxxxxxxx):
>> 
>> > Two hypothetical examples: 
>> > 
>> > 1. 
>> > I?m using the normal Firefox (without Tor) with cookies enabled 
>> > to log in on Yahoo email to make some stuff as my real identity. 
>> > Then I close the normal Firefox and start Torpark Firefox with 
>> > cookies enabled to log in on another Yahoo email to make some 
>> > stuff as an fake identity. Now the question is, are the cookies 
>> > capable to retrieve some unique information about my computer, 
>> > that later is comparable at Yahoo head quarter, to figure out 
>> > this two different Yahoo webmail accounts was actually runned 
>> > from one same computer? 
>> 
>> That depends on your profile directory.. If torpark and firefox are
>> sharing the same profile, cookies will be shared. If they are sharing
>> profiles, extensions probably will be shared also. 
>> 
>> An easy to check this without devling through arcane browser settings
>> is to install a cookie monitoring extension. I really like Add N' Edit
>> cookies myself. You can search for yahoo via each browser and make
>> sure no cookies are cross-populating.
>> 
>> > 2. 
>> > The same base as in the example 1 above, but with the difference 
>> > that no cookies enabled anywhere and the webmail account is at 
>> > Fastmail with complete https connection for everything. Now the 
>> > question is, are there some unique properties by my computer?s 
>> > https handling that appear the same on the Fastmail head quarter 
>> > to make sure the two webmail accounts was runned from the one 
>> > same computer? 
>> 
>> I think that unless you have installed a client certificate, there
>> should be no identifying information in an SSL handshake. If you do
>> have a client certificate installed (you will know if you do), I think
>> the client only uses it if the server requests it.
>> 
>> -- 
>> Mike Perry
>> Mad Computer Scientist
>> fscked.org evil labs




-- 
Best regards,
 Arrakistor                            mailto:arrakistor@xxxxxxxxx