Undeletable cookies
katmagic
the.magical.kat at gmail.com
Fri Feb 18 16:57:56 UTC 2011
On Fri, 18 Feb 2011 04:39:39 -0800
Mike Perry <mikeperry at fscked.org> wrote:
> Thus spake Irratar (irratar77 at gmail.com):
>
> > Hello.
> >
> > I have just found a site that can recognize me when I re-accessed it
> > after I deleted all private data, toggled Torbutton and restarted Tor.
> >
> > http://samy.pl/evercookie/
>
> This is news to me. Are you using the default Torbutton settings? When
> we tested this in the past, Torbutton was protecting against it. I
> also just tested it now, and it did not recover my cookie.
>
> Perhaps one of your other addons betrayed you? Did you enable plugins?
> Or perhaps you have a misconfigured polipo storing these cookies in
> its cache?
>
> The Tor Browser Bundles are a good way to ensure you have a properly
> configured, vanilla Tor setup.
>
> > Of course, it isn't a Tor problem, but I think it's better to know for
> > these who are interested in privacy. many sites may use the same
> > technology stealthy. I will try to discover more about how does it
> > keep my private information. So far this site seems to forgets me when
> > I disable JavaScript, but maybe it just can't display the proper
> > number.
>
> Actually, web application layer privacy attacks *are* a Tor issue. We
> try very hard to protect against them:
> https://www.torproject.org/torbutton/en/design/#adversary
>
I think this is the result of #1968.
https://trac.torproject.org/projects/tor/ticket/1968
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110218/83570552/attachment.pgp>
More information about the tor-talk
mailing list