On Monday, November 07, 2011 05:08:57 tor@xxxxxxxxxxxxxxxxxx wrote:
> On 07/11/11 02:32, Andrew Lewman wrote:
> > I'd like to see someone do research that proves or disproves this fear
> > that javascript and cookies everywhere is hazardous to the anonymity of
> > a tor user.
> I don't think any research is required to know that "third party"
> cookies at least, are used to track users across sites. And that
> tracking Tor users across sites is very likely to reduce their anonymity.

It's not the tracking per se, it's how detailed the tracking is within the set 
of Tor users. Does this tracking enable an ad network to determine you as an 
individual based on past history? Or does it simply put you into a subset of 
Tor users that go from site A to site C to site D to site B regularly?

If you fire up TBB, log in to Facebook, and then browse 10 other sites with 
Facebook Connect on them, well, you aren't anonymous any more. If you browse 
those same 10 sites all the time, but without logging into Facebook, does this 
make you unique in the set of Tor users, and therefore uniquely identifiable, 
even though the ad network doesn't really know who you are?

> If you don't want to disable cookies altogether, I'd at least recommend
> disabling third party ones. If you think that will affect the user
> experience badly, it's worth noting that Apple disables third party
> cookies by default in Safari, so it can't be all that bad... I've not
> personally come across any sites where it has caused problems for me,
> but I will admit that such sites must exist.

The default TBB config does block 3rd party cookies, and clears all cookies on 
shutdown. Unless you've told Torbutton to preserve some cookies, they're 

There's also research about behavioral advertising that suggests it's not 
personalized/targeted enough right now to creep people out. Except, of course, 
Facebook, which uses your friends' images to advertise to you. You've logged 
into Facebook and given them that data, and tied your 'anonymous TBB usage' to 
you personally (at least on Facebook and Facebook Connect sites).

