Flash Cookies and Tor.

Matthew pumpkin at cotse.net
Mon Aug 2 07:11:05 UTC 2010

  On 31/07/10 02:43, andrew at torproject.org wrote:
> On Fri, Jul 30, 2010 at 11:27:27PM +0100, pumpkin at cotse.net wrote 1.5K bytes in 29 lines about:
>> OK, to continue this - in the past I did use Tor with Flash enabled after
>> having Flash cookies on the hard drive from surfing when I was not using
>> Tor.  In your opinion, is it likely that some websites would use these
>> Flash cookies to realise that the person surfing with Tor is the same
>> person who was surfing days / weeks / months earlier when not using Tor?
>> Would they then be able to connect non-Tor IPs to the person currently
>> using Tor (me)?
> Yes.
> http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
I had not read this article before but I had read EPIC's analysis of flash 
cookies: http://epic.org/privacy/cookies/flash.html

I had also read the scholarly article here: 

None of these three articles mention IP addresses.  Am I to assume that it 
is a given that the flash component of Gmail will automatically grab the IP 
address (when connecting in a non-Tor state) and then connect that IP to 
the IP addresses that connected in a Tor state through the flash cookie 
(providing flash is on when connecting in a Tor state).

In other words do you think IP addresses are not mentioned in these 
articles because a) it is taken as a given that the flash cookie is used to 
determine the "real" IP or b) because it is not actually guaranteed that IP 
addresses will be connected through flash cookies?

To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

More information about the tor-talk mailing list