[tor-talk] Evercookies / supercookies tracking & No Script whitelisting tracking sites
Joe Btfsplk
joebtfsplk at gmx.com
Mon May 14 22:41:32 UTC 2012
On 5/14/2012 3:52 PM, Mike Perry wrote:
> Let's continue speculating instead of reading any documentation.
> That's totally a productive use of everyone's time.
>
> https://www.torproject.org/projects/torbrowser/design/#new-identity
> https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
I'm not speculating at all. As I said, I read the info on new identity
design (as best as I can understand - regarding both limited amount &
complexity of info). I didn't get anything from them that explained (to
me, a non expert) how New Identity, or anything else in TBB, deletes
evercookies in every documented storage location (if they exist in many
/ all of those locations).
Sorry if I'm dense, but I didn't get that.
The original developer of the evercookie concept, Samy Kamkar, listed
the places they can be hidden (below). I just didn't get that using New
Identity would deal w/ all these locations. Maybe it does, but it
didn't read like that to me.
Standard HTTP cookies
Local Shared Objects (Flash cookies)
Silverlight Isolated Storage
Storing cookies in RGB values of auto-generated, force-cached PNGs
using HTML5 Canvas tag to read pixels (cookies) back out
Storing cookies in Web history
Storing cookies in HTTP ETags
Storing cookies in Web cache
window.name caching
Internet Explorer userData storage
HTML5 Session Storage
HTML5 Local Storage
HTML5 Global Storage
HTML5 Database Storage via SQLite
The developer is looking to add the following features:
Caching in HTTP Authentication
Using Java to produce a unique key based on NIC information.
More information about the tor-talk
mailing list