[tor-dev] Improving Private Browsing Mode/Tor Browser

Mike Perry mikeperry at fscked.org
Mon Jul 11 22:44:53 UTC 2011


Thus spake Georg Koppen (g.koppen at jondos.de):

> > However, when performed by the exits, this linkability is a real
> > concern. Let's think about that. That sounds more like our
> > responsibility than the browser makers. Now I think I see what Georg
> > was getting at. We didn't mention this because the blog post was
> > directed towards the browser makers.
> 
> Well, my idea was not that sophisticated but yes, it belongs to the
> passive attacks available to exit mixes I generally had in mind (and I
> agree that the current domain-based proposal makes it way harder for an
> active mix attacker). My example used just one session. And I still
> would claim that even this gives an exit mix means to track users during
> the 10 minutes (and later if the user happens to get the same exit mix
> again within the same browsing session). If this is true do you mean
> that it is just not worth the effort or is too difficult to explain to
> the user (as it is highly probable that avoiding this kind of tracking
> implies breaking some functionality in the web (a kind of tab separation
> would be necessary but not sufficient))?

I'm confused now. You're basically just talking about cookies, cache,
and other stored identifiers at this point, right?

Single-site linkability due to information the user has provided to
the website is outside of Tor's threat model. That is what https is
for (and also why we ship HTTPS-Everywhere with the Tor Browser
Bundle).


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs