Mike Perry wrote: [] > > The reason why Torbutton didn't opt for the same origin policy method > is because Tor exit nodes can impersonate any non-https origin they > choose, and query your history or store global cache identifiers > that way. It was basically all or nothing for us.
Ah......... makes sense. > > But yes, it would be nice if Colin Jackson and company kept > SafeHistory and SafeCache updated for regular users. Sadly they seem > to have forgotten about it. I wonder if anyone will make a fork and > update it. > IIRC, they were also concerned about the "wild west" of FF internal extension management - that a bad guy can wreak havoc in there (of course, Torbutton has done that to our benefit :-) ). Given the implications of panopticlick, have you any interest/plans in making Torbutton fingerprints even more indistinguishable (e.g. give every user a windows I.E. fingerprint) *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/