[tbb-bugs] #16089 [Tor Browser]: samy.pl evercookie on Tor 4.5.1 on highest security setting
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon May 18 17:42:07 UTC 2015
#16089: samy.pl evercookie on Tor 4.5.1 on highest security setting
--------------------------+--------------------------
Reporter: teor | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: needs-triage | Actual Points:
Parent ID: | Points:
--------------------------+--------------------------
The evercookie code at http://samy.pl/evercookie/ is disabled when
JavaScript is disabled in Tor Browser 4.5.1.
However, when JavaScript is enabled, even on the highest security level,
the following evercookie methods allow websites to persist data:
cookieData mechanism: 414
localData mechanism: 414
sessionData mechanism: 414
windowData mechanism: 414
etagData mechanism: 414
cacheData mechanism: 414
This data persists when the page is refreshed, and when the browser tab or
window is closed.
However, when the browser is restarted, all persistent evercookie data is
cleared.
Is this the expected behavior?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16089>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list