Firefox through Tor

Michael Holstein michael.holstein at
Thu Apr 27 18:22:11 UTC 2006

And what's more ...

If you've ever signed into your Yahoo account *even once* from a Non-TOR 
IP address (including to sign up for it), it shouldn't be trusted. They 
could just see what IP's you've ever touched a Yahoo site from while 
authenticated, and 'fgrep -v toriplist'.

Likewise for anywhere else that gathers cookies.


Michael Holstein wrote:
>> So the problem is that a motivated adversary can subpoena or simply
>> ask DoubleClick to hand over their IP/cookie logs. If you are using
>> Tor for /everything/, then what they get from DoubleClick for that
>> email address is just a Tor IP, no harm no foul. However, if the user
>> had set up a filter that only sends * through Tor, then
>> DoubleClick will have their /real IP/ on file in association with
>> whatever unique ID yahoo passed for that email address, even though
>> yahoo's records show only the Tor IP.
> Swichproxy (as well as CTRL+SHIFT+DEL) in Firefox will clear all cookies.
> Anytime you switch between TOR/Direct you should close down to all but 
> one blank window, clear cookies/cache one way or another, and *then* 
> proceed.
> /mike.

More information about the tor-talk mailing list