[tbb-bugs] #16089 [Tor Browser]: samy.pl evercookie on Tor 4.5.1 on highest security setting

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 18 17:42:07 UTC 2015

#16089: samy.pl evercookie on Tor 4.5.1 on highest security setting
 Reporter:  teor          |          Owner:  tbb-team
     Type:  defect        |         Status:  new
 Priority:  normal        |      Milestone:
Component:  Tor Browser   |        Version:
 Keywords:  needs-triage  |  Actual Points:
Parent ID:                |         Points:
 The evercookie code at http://samy.pl/evercookie/ is disabled when
 JavaScript is disabled in Tor Browser 4.5.1.

 However, when JavaScript is enabled, even on the highest security level,
 the following evercookie methods allow websites to persist data:

   cookieData mechanism: 414
   localData mechanism: 414
   sessionData mechanism: 414
   windowData mechanism: 414
   etagData mechanism: 414
   cacheData mechanism: 414

 This data persists when the page is refreshed, and when the browser tab or
 window is closed.

 However, when the browser is restarted, all persistent evercookie data is

 Is this the expected behavior?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16089>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list