[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Fwd: Tor and tlk.io



Any time an option comes up that I don't want to think about, I immediately
deny it. Better safe than sorry.


On Tue, Jul 22, 2014 at 10:29 PM, isis <isis@xxxxxxxxxxxxxx> wrote:

> Scott Arciszewski transcribed 0.9K bytes:
> > > Somebody told me of tlk.io. I have joined. I closed the window and
> when
> > > I was back I already had all settings as last time. I cleared the
> > > cookies and went back. I was like logged in, without ever logging in. I
> > > closed the window, cleaned up everything the delete all data can remove
> > > and 15 minutes after I reentered. I was still registered. New identity
> > > had no effect either. I had to close down Tor and start it again to
> lose
> > > the whatever that keeps identifying me.
> > >
> > > What is this? How do they do it? Are there other sites like that?
>
> Many sites use HTML5 canvas fingerprinting. Visiting either
> https://github.com/isislovecruft or https://pad.riseup.net/p/Lb57JrCmVzBt
> should trigger that little dialogue about "accessing the canvas" in
> TorBrowser
> too.
>
> > I'm using the latest version of the Tor Browser Bundle. It gives me this
> > prompt: http://imgur.com/ZGqzK4Z
>
> Can I ask you a question? When this dialogue (the http://imgur.com/ZGqzK4Z
> one) comes up, what do you usually do? Do you click the "Allow in the
> Future"
> button? Or click the little "X" in the corner? Or something else?
>
> >
> http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block
> > ^- possibly related
>
> TorBrowser is patched to block attempts by websites to access HTML5
> canvases,
> since there isn't much legitimate purpose for a site to do this, other
> than to
> track you as that article you linked points out.
>
> However, if you've already clicked the "Allow in the Future" button on the
> little dialogue that comes down from the URL bar when a site attempts to do
> this, there isn't currently an easy way to revoke the permission you gave.
> [0]
> Additionally, there appears to be an issue in nsIPermissionManager (used by
> TorButton when "New Identity" is clicked), because the permissions
> currently
> aren't being cleared properly. [1]
>
> For now, my best advice is to be very careful allowing any site to access
> HTML5 canvases until we make it easier to revoke the permission. (In other
> words, click the little "X" next time. :) )
>
> [0]: https://bugs.torproject.org/12682
> [1]: https://bugs.torproject.org/12683
>
> --
>  ââ isis agora lovecruft
> _________________________________________________________
> GPG: 4096R/A3ADB67A2CDB8B35
> Current Keys: https://blog.patternsinthevoid.net/isis.txt
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk