[tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
joebtfsplk at gmx.com
Mon May 14 20:19:24 UTC 2012
On 5/14/2012 1:58 PM, Praedor Tempus wrote:
> OK, this sort of thing has me wondering if the only way to safely use tor is in a virtual machine. Would this not seem to be the case? Who cares if Hulu or Youtube gets your IP address if it is a bogus VM IP address rather than your real one? They get to see either your tor IP or the IP of your VM and nothing else.
> Perhaps tor should move to a tor browser VM instead of just an app?
I think one of the issue (may) be that even though evercookies wouldn't
see you "real" IP address, they would be able to track you across
multiple websites, incl. all URLs, pages / links you click on, what you
d/l, etc. They are able to transmit that data back to the mother ship.
I'll leave it to Tor "experts" EXACTLY how that could be used by either
the companies gathering the info, the sites (where the evercookie was
set) that were paying them to gather data, or adversaries trying to
fingerprint Tor users (if that's possible using evercookie data).
I would think - certainly in countries hostile to Tor (or ones that
aren't) - they could set up fake websites in order to set evercookies
just for tracking purposes. That might or might not lead them directly
to a person (again, experts can weigh in), but it would give them info
on how many users are accessing certain sites & what they're looking
at. There may be other things I haven't thought of.
More information about the tor-talk