[tor-talk] tor-talk Digest, Vol 82, Issue 10

Mon Nov 13 12:12:12 UTC 2017

Dear Duncan,

> A much better solution that doesn't involve giving yourself a unique
> fingerprint would be to store your passwords in a password manager.
Thank you for your suggestion. In fact, I use KeePassX already:)

Regarding fingerprints - if I was able to somehow clear all cookies and 
persistent data _except session cookies for these 2-5 domains_ (rotating 
exit node is fine), how is that worse in terms of privacy than 
logging-in to the same domains back immediately after clicking "New 
Identity"? The result is practically the same, isn't it? I'm still 
identifying myself to these few domains on the same terms as before - no 
more info, no less. Or am I wrong?

> Date: Sun, 12 Nov 2017 12:35:00 +0000
> From: Duncan <dguthrie at posteo.net>
> To: tor-talk at lists.torproject.org
> Subject: Re: [tor-talk] TBB as main browser: persistent logins to
> 	trusted sites?
> Message-ID: <93266608-8b52-f9f7-3cb3-f6b9c4872e8b at posteo.net>
> Content-Type: text/plain; charset=utf-8
> 
> Dear Theresa,
> 
> I suspect the reason you want to store session cookies is because you
> like the convenience of not having to login every time. I do not like
> this either.
> 
> A much better solution that doesn't involve giving yourself a unique
> fingerprint would be to store your passwords in a password manager.
> KeepassX is the one that you should use. Password managers make storing
> strong passwords easy and you just copy-paste them into the web 
> browser.
> 
> It is good practice to use a password manager in general because it
> stops the compromise of one service from compromising your other 
> accounts.
> 
> Best of luck,
> Duncan
> 
> theresa at firemail.cc:
>> Dear Tor community,
>> 
>> I'm exploring using TBB as my main browser.
>> 
>> However, there's one thing that I'd like to find a solution to - 
>> namely
>> being able to use "New Identity" while having a white list of domains
>> where "New Identity" would not erase cookies.
>> 
>> In other words, I'd like to be able to look like a new user to 99,99% 
>> of
>> the Internet, while still retain session cookies of 3-5 trusted 
>> domains.
>> 
>> I've noticed that there's a Cookie Protections dialog if the "private"
>> browsing mode is disabled (yeah, I know it's risky to change that - 
>> but
>> I'm just researching options), and within it one can clear all cookies
>> except "protected" ones - that seemed to be quite close to what I'd 
>> need.
>> 
>> However, I have noticed that if "private" browsing mode is disabled,
>> "New Identity" doesn't actually clear any cookies anymore. It seems to
>> depend on "private" browsing mode being enabled in TBB to clear 
>> cookies.
>> 
>> So, do you use TBB as your main browser, and if so, what approach(es) 
>> do
>> you take regarding "trusted" sites? Do you relogin each time you do a
>> New Identity?
>> 
>> best,
>> theresa.