Firefox through Tor
Michael Holstein
michael.holstein at csuohio.edu
Thu Apr 27 18:22:11 UTC 2006
And what's more ...
If you've ever signed into your Yahoo account *even once* from a Non-TOR
IP address (including to sign up for it), it shouldn't be trusted. They
could just see what IP's you've ever touched a Yahoo site from while
authenticated, and 'fgrep -v toriplist'.
Likewise for anywhere else that gathers cookies.
~Mike.
Michael Holstein wrote:
>> So the problem is that a motivated adversary can subpoena or simply
>> ask DoubleClick to hand over their IP/cookie logs. If you are using
>> Tor for /everything/, then what they get from DoubleClick for that
>> email address is just a Tor IP, no harm no foul. However, if the user
>> had set up a filter that only sends *yahoo.com through Tor, then
>> DoubleClick will have their /real IP/ on file in association with
>> whatever unique ID yahoo passed for that email address, even though
>> yahoo's records show only the Tor IP.
>
>
> Swichproxy (as well as CTRL+SHIFT+DEL) in Firefox will clear all cookies.
>
> Anytime you switch between TOR/Direct you should close down to all but
> one blank window, clear cookies/cache one way or another, and *then*
> proceed.
>
> /mike.
>
More information about the tor-talk
mailing list