Unique properties and realtime entry-exit check

Ringo Kamens 2600denver at gmail.com
Mon Apr 17 12:09:53 UTC 2006


Unless a site exploits a security flaw in Firefox to generate cookies based
on hardware, or has a nasty Java applet or ActiveX script, then cookies
can't be used to track you if you clear them often.

On 4/16/06, Arrakistor <arrakistor at gmail.com> wrote:
>
> Hello Mike,
>
> Regarding the cookies, in that perspective, I do not know. If cookies
> can be generated by unique hardware, and be reliably regenerated by
> the same algorithm, and cookies actually having access to anything
> that could make such data, I really do not know. But assuming all the
> prior was possible, then yes, cookies could probably distinguish your
> hardware as a unique identifier.
>
> Torpark 1.5.0.2b available in a few hours. Blows away all previous
> versions.
>
> ST
>
>
>
> Monday, April 17, 2006, 9:35:16 AM, you wrote:
>
> > Thanks for your answer, and I always do a complete "Clear Private Data"
> > in Firefox or Torpark before closing and switch to the other. Then no
> > cookies left over to the next. BTW, the question was more of a possible
> > collecting of identical data by both cookie-sessions.
>
> > Torpark is inside its own folder on my drive, the regular Firefox is in
> > its standard default installation folder.
>
>
>
> > On Thu, 6 Apr 2006 01:09:03 -0500, "Mike Perry" <mikepery at fscked.org>
> > said:
> >> Thus spake Total Privacy (nosnoops at fastmail.fm):
> >>
> >> > Two hypothetical examples:
> >> >
> >> > 1.
> >> > I'm using the normal Firefox (without Tor) with cookies enabled
> >> > to log in on Yahoo email to make some stuff as my real identity.
> >> > Then I close the normal Firefox and start Torpark Firefox with
> >> > cookies enabled to log in on another Yahoo email to make some
> >> > stuff as a fake identity. Now the question is, are the cookies
> >> > capable to retrieve some unique information about my computer,
> >> > that later is comparable at Yahoo headquarters, to figure out
> >> > these two different Yahoo webmail accounts were actually run
> >> > from one same computer?
> >>
> >> That depends on your profile directory. If Torpark and Firefox are
> >> sharing the same profile, cookies will be shared. If they are sharing
> >> profiles, extensions probably will be shared also.
> >>
> >> An easy way to check this without delving through arcane browser settings
> >> is to install a cookie monitoring extension. I really like Add N' Edit
> >> cookies myself. You can search for yahoo via each browser and make
> >> sure no cookies are cross-populating.
> >>
> >> > 2.
> >> > The same base as in the example 1 above, but with the difference
> >> > that no cookies are enabled anywhere and the webmail account is at
> >> > Fastmail with complete https connection for everything. Now the
> >> > question is, are there some unique properties by my computer's
> >> > https handling that appear the same at the Fastmail headquarters
> >> > to make sure the two webmail accounts were run from the one
> >> > same computer?
> >>
> >> I think that unless you have installed a client certificate, there
> >> should be no identifying information in an SSL handshake. If you do
> >> have a client certificate installed (you will know if you do), I think
> >> the client only uses it if the server requests it.
> >>
> >> --
> >> Mike Perry
> >> Mad Computer Scientist
> >> fscked.org evil labs
>
>
>
>
> --
> Best regards,
> Arrakistor                            mailto:arrakistor at gmail.com
>
>
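
Added example, not part of the original thread: a scripted version of the cross-population check described above, comparing the cookie stores of two browser profiles for one site. It assumes each profile directory holds a Netscape-format `cookies.txt` (the store used by Firefox 1.5-era builds); the function names, profile names and cookie values are constructed for illustration.

```python
import os
import tempfile

def load_cookies(profile_dir, site):
    """Return {(domain, path, name): value} for `site` from <profile>/cookies.txt."""
    found = {}
    with open(os.path.join(profile_dir, "cookies.txt"), encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.rstrip("\r\n").split("\t")
            # Netscape format: domain, subdomain flag, path, secure, expiry, name, value
            if line.startswith("#") or len(fields) != 7:
                continue
            domain = fields[0].lstrip(".").lower()
            if domain == site or domain.endswith("." + site):
                found[(domain, fields[2], fields[5])] = fields[6]
    return found

def cross_populated(profile_a, profile_b, site):
    """Return (same_store, common): shared cookie file, and cookies identical in both."""
    same_store = os.path.samefile(os.path.join(profile_a, "cookies.txt"),
                                  os.path.join(profile_b, "cookies.txt"))
    a, b = load_cookies(profile_a, site), load_cookies(profile_b, site)
    # The same key with the same value in both stores means both browsers
    # present one identifier to the site.
    common = sorted(k for k in a if b.get(k) == a[k])
    return same_store, common

# Constructed sample data: profile names and cookie values are made up.
ROW = "{d}\tTRUE\t/\tFALSE\t2147483647\t{n}\t{v}\n"

def make_profile(root, name, rows):
    path = os.path.join(root, name)
    os.makedirs(path)
    with open(os.path.join(path, "cookies.txt"), "w", encoding="utf-8") as fh:
        fh.write("# HTTP Cookie File\n" + "".join(ROW.format(d=d, n=n, v=v) for d, n, v in rows))
    return path

def demo():
    with tempfile.TemporaryDirectory() as root:
        regular = make_profile(root, "firefox", [(".yahoo.com", "B", "id-real-1"), (".example.org", "s", "x")])
        torpark = make_profile(root, "torpark", [(".yahoo.com", "B", "id-tor-2")])
        copied = make_profile(root, "copied", [(".yahoo.com", "B", "id-real-1")])
        return (cross_populated(regular, torpark, "yahoo.com"),   # separate stores, separate ids
                cross_populated(regular, copied, "yahoo.com"),    # separate files, same id
                cross_populated(regular, regular, "yahoo.com"))   # one shared profile

if __name__ == "__main__":
    for result in demo():
        print(result)
```

An empty `common` list with `same_store` false is the outcome the check is looking for; either a shared file or a non-empty list means the two browsers are not isolated for that site.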