[tor-talk] google analytics says it can track across separate domains

Joe Btfsplk joebtfsplk at gmx.com
Sat May 19 21:38:34 UTC 2012 

On 5/19/2012 3:16 PM, Mike Perry wrote:
> Thus spake Mike Perry (mikeperry at torproject.org):
>
>> Thus spake Joe Btfsplk (joebtfsplk at gmx.com):
>>
>>> A few months ago, someone raised the question of TBB or any included
>>> addon not blocking web beacons / trackers and perhaps something like
>>> Ghostery should be included in TBB (I think).  I asked about beacons
>>> (web bugs) compromising anonymity (not to mention privacy).  Can't
>>> find the post, but I believe either Mike or Roger replied that it
>>> shouldn't be an issue because web beacons, like Google Analytics,
>>> can't track from site to site.  Hope I've got the essence of the
>>> reply correct.
>> Yes, that is correct. We consider the ability to link user activity
>> across different url bar domains a violation of our design requirements
>> (https://www.torproject.org/projects/torbrowser/design/#privacy), and
>> any ability to do so is a major bug.
>>
>> Unfortunately, there are a couple such bugs we're already currently
>> aware of:
>> https://trac.torproject.org/projects/tor/query?keywords=~tbb-linkability
>>
>> We'll fix them, eventually. Help is always appreciated, though.
> Oh, I should also mention
> https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
> as the laundry list of linkability mechanisms we've already at least
> partially fixed.
Thanks.  Then thinking about the cross domain tracking ability of web 
beacons (or that they could) must have changed since this was last 
discussed.  At that time, as memory serves, regarding beacons in general 
& idea of using Ghostery or something similar in function, it was said 
to be a non issue for Tor users.:-)

The design document draft, dated Dec 28, 2011 doesn't seem to mention 
web beacons.  Other than in a non specific way, the document doesn't 
seem to address how to handle them.   They aren't cookies, so don't fall 
under cookie control (in current or future browser designs).  Yet, they 
can track across domains.  A lot of users (Tor & non Tor) don't 
understand this nor are even aware of them.

Presumably, as they are loaded w/ pages, even w/ disk cache turned off, 
they can still be stored in memory cache & still track users, unless 
memory cache is disabled.  True?

Is there a reason that using Ghostery, or similar technology, couldn't 
or shouldn't be used until / if a design change in Tor / TBB prevents 
web beacons from being loaded w/ pages?
Perhaps the downside of using an addon like Ghostery out weighs the 
benefits for TBB users?  I'm not married to it, but haven't seen many 
other similar solutions for beacons.  Disable ALL image loading...

It does have options not to auto update blocking elements, if updating 
during * critical * Tor sessions was an issue.  Other than that, I'm not 
an expert.  I think the concept of web beacons is extremely deceitful 
for any browser & should under consideration by Congress to be banned, 
as are evercookies.  In the mean time... what about looking into 
Ghostery, etc., at least w/ suggested settings until something better is 
devised by Tor Project?

Re:  Flash LSO cookies in Windows.  The Dec 28, 2011 design document 
mentions,
> Flash cookies...
>
> *...Implementation Status:* We are currently having difficulties 
> <https://trac.torproject.org/projects/tor/ticket/3974> causing Flash 
> player to use this settings file on Windows, so Flash remains 
> difficult to enable.
>
If you can't get Flash to use a settings file - for now - maybe next 
best thing is education.  I'm thinking there should be a prominent file 
in TBB, containing a number of IMPORTANT changes that users should make; 
name it something like "you better make these changes or you may 
die.html," that opens w/ a new browser install.  The storage settings 
for Flash are fairly straight forward, w/ a little explanation, even 
though users must go to Adobe's site to change them (tricky, huh?).  
Even I could write / "borrow" instructions on how to change settings in 
Windows Flash manager, for better privacy.  Cookies & disk storage can 
be prevented totally, but if you del the "settings" cookie, all Flash 
settings revert to default.

More information about the tor-talk mailing list