Firefox through Tor
mikepery at fscked.org
Thu Apr 27 20:00:21 UTC 2006
Thus spake Michael Holstein (michael.holstein at csuohio.edu):
> >So the problem is that a motivated adversary can subpoena or simply
> >ask DoubleClick to hand over their IP/cookie logs. If you are using
> >Tor for /everything/, then what they get from DoubleClick for that
> >email address is just a Tor IP, no harm no foul. However, if the user
> >had set up a filter that only sends *yahoo.com through Tor, then
> >DoubleClick will have their /real IP/ on file in association with
> >whatever unique ID yahoo passed for that email address, even though
> >yahoo's records show only the Tor IP.
> Swichproxy (as well as CTRL+SHIFT+DEL) in Firefox will clear all cookies.
> Anytime you switch between TOR/Direct you should close down to all but
> one blank window, clear cookies/cache one way or another, and *then*
Just clearing cookies every time there is a switch is not enough if
there is an automatic Tor filter in place.
The problem is that yahoo can custom-generate its links to DoubleClick
so they encode your email address (dunno if they do do this, but I'm
sure some sites and ad parters do). Therefore identifiying information
is sent independent of the cookie.
Mad Computer Scientist
fscked.org evil labs
More information about the tor-talk