[tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites

Joe Btfsplk joebtfsplk at gmx.com
Mon May 14 20:19:24 UTC 2012

On 5/14/2012 1:58 PM, Praedor Tempus wrote:
> OK, this sort of thing has me wondering if the only way to safely use tor is in a virtual machine.  Would this not seem to be the case?  Who cares if Hulu or Youtube gets your IP address if it is a bogus VM IP address rather than your real one?  They get to see either your tor IP or the IP of your VM and nothing else. 
> Perhaps tor should move to a tor browser VM instead of just an app?
I think one of the issue (may) be that even though evercookies wouldn't 
see you "real" IP address, they would be able to track you across 
multiple websites, incl. all URLs, pages / links you click on, what you 
d/l, etc.  They are able to transmit that data back to the mother ship.  
I'll leave it to Tor "experts" EXACTLY how that could be used by either 
the companies gathering the info, the sites (where the evercookie was 
set) that were paying them to gather data, or adversaries trying to 
fingerprint Tor users (if that's possible using evercookie data).

I would think - certainly in countries hostile to Tor (or ones that 
aren't) - they could set up fake websites in order to set evercookies 
just for tracking purposes.  That might or might not lead them directly 
to a person (again, experts can weigh in), but it would give them info 
on how many users are accessing certain sites & what they're looking 
at.  There may be other things I haven't thought of.

More information about the tor-talk mailing list