Torbutton 1.1.8-alpha (Usability improvements)

Mike Perry mikeperry at fscked.org
Wed Oct 3 16:29:51 UTC 2007


Thus spake Michael_google gmail_Gersten (keybounce at gmail.com):

> I think that's the real issue I have with cookies. The idea that a
> cookie can be "permanent" without my approval. I have no problem with
> login cookies. I have every problem with third party cookies being
> accepted at all (the only place where IE is better than firefox --
> those can be disabled in IE). I hate "visitor tracking" cookies that
> seem to get stuffed out by every website hoster now-a-days.

So what does this mean to you with respect to cookie clearing? Should
a newnym signal always clear cookies? Should it sometimes clear
cookies? Should its behavior be tied to an existing torbutton cookie
preference? I'm still of the mind it's kind of silly to put it in
torbutton if it doesn't clear cache+cookies...
 
> Now, how do httpS: streams get their cookies stolen or modified?

http://seclists.org/bugtraq/2007/Aug/0070.html

Gmail and many other sites are still vulnerable.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs