[tor-talk] google analytics says it can track across separate domains

Mike Perry mikeperry at torproject.org
Sun May 20 04:07:43 UTC 2012


Thus spake Joe Btfsplk (joebtfsplk at gmx.com):

> I think that those voicing a concern w/ these & TBB, were concerned
> w/ the trackers most difficult to stop.  Are you saying that *
> tracking scripts * are ALSO isolated per URL domain in the cache
> (see quote below)?  So that cross domain tracking isn't possible in
> TBB?  If that's not correct, then there's still a big problem for
> now.

This is correct. Any violations of this property are major bugs for us.

> >Tracking scripts are * correctly * isolated in the cache, however (which is
> >more important, as many tracking scripts *do* embed unique identifiers
> >to get cached and used when the user clears cookies).
> 
> When you speak of sandboxing:
> >Flash has tons of fingerprinting and proxybypass issues hidden in its binary blob. We
> >really need a full sandboxing technology to make it safe to uniformly enable.
>
> If running an app in something like Sandboxie, (maybe you mean a
> diff scenario), it is protecting the OS / machine from the APP.  It
> doesn't stop a browser (or, I assume, trackers; Flash) from
> connecting to the internet.  Maybe it would have value once the
> browser is closed, Flash proxy bypass has already occurred.  Unless
> you're talking about something else.

Yes, it would require a custom sandbox of our design. Current sandboxing
tech (Seatbelt, AppArmor, Seccomp, SELinux) may actually need some
additional hacking before they are sufficient for our needs for
Flash.

-- 
Mike Perry
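
Added illustration, not part of the original message and not Tor Browser code: a simplified model of the cache isolation discussed above, comparing a cache keyed by resource URL alone with one keyed by (first-party domain, resource URL). The domains, the script URL and the identifier format are constructed, and the keying scheme is an assumption made for the model.

```javascript
// Model of a browser HTTP cache. Domains, URL and ID format are constructed.
let nextId = 0;

// The tracker's server: each uncached fetch returns a script with a fresh
// unique identifier baked in, served as cacheable content.
function fetchTrackerScript() {
  nextId += 1;
  return `var uid="user-${nextId}"; report(uid);`;
}

class Cache {
  // isolate=false: keyed by resource URL only (conventional shared cache).
  // isolate=true: keyed by (first-party domain, resource URL).
  constructor(isolate) {
    this.isolate = isolate;
    this.store = new Map();
  }
  load(firstParty, url) {
    const key = this.isolate ? `${firstParty}|${url}` : url;
    if (!this.store.has(key)) this.store.set(key, fetchTrackerScript());
    return this.store.get(key);
  }
}

// Visit each site, all of which embed the same third-party script, and
// collect the identifier the script would report from each one.
function idsSeenAcross(cache, sites) {
  const url = "https://tracker.example/t.js";
  return sites.map((site) => cache.load(site, url).match(/uid="([^"]+)"/)[1]);
}

// True when every site observed the same identifier, i.e. the visits can be
// linked to one user even though no cookie is involved.
function linkable(ids) {
  return new Set(ids).size === 1;
}

const sites = ["news.example", "shop.example", "forum.example"];
const shared = idsSeenAcross(new Cache(false), sites);
const isolated = idsSeenAcross(new Cache(true), sites);
console.log("URL-keyed cache:", shared, "linkable:", linkable(shared));
console.log("first-party-keyed cache:", isolated, "linkable:", linkable(isolated));
```

In the isolated model the identifier still persists across repeat visits to the same first-party site; only the link between different sites is broken.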