browser fingerprinting - panopticlick

7v5w7go9ub0o 7v5w7go9ub0o at gmail.com
Sun Jan 31 01:40:35 UTC 2010


Mike Perry wrote:
[]
> 
> The reason why Torbutton didn't opt for the same origin policy method
>  is because Tor exit nodes can impersonate any non-https origin they
>  choose, and query your history or store global cache identifiers
> that way. It was basically all or nothing for us.

Ah......... makes sense.

> 
> But yes, it would be nice if Colin Jackson and company kept 
> SafeHistory and SafeCache updated for regular users. Sadly they seem
>  to have forgotten about it. I wonder if anyone will make a fork and
>  update it.
> 
IIRC, they were also concerned about the "wild west" of FF internal
extension management - that a bad guy can wreak havoc in there (of course,
Torbutton has done that to our benefit :-) ).

Given the implications of panopticlick, have you any interest/plans in
making Torbutton fingerprints even more indistinguishable (e.g. give
every user a windows I.E. fingerprint)





***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list