Undeletable cookies
Hello. I have just found a site that can recognize me when I re-accessed it after I deleted all private data, toggled Torbutton and restarted Tor. http://samy.pl/evercookie/ Of course, it isn't a Tor problem, but I think it's better to know for these who are interested in privacy. many sites may use the same technology stealthy. I will try to discover more about how does it keep my private information. So far this site seems to forgets me when I disable JavaScript, but maybe it just can't display the proper number. P.S. This site was mentioned in or-talk earlier, but that message was written in an unfamiliar language, so I decided to write it. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Undeletable cookies
On 2011-02-18 Irratar wrote: I have just found a site that can recognize me when I re-accessed it after I deleted all private data, toggled Torbutton and restarted Tor. http://samy.pl/evercookie/ Of course, it isn't a Tor problem, but I think it's better to know for these who are interested in privacy. many sites may use the same technology stealthy. I will try to discover more about how does it keep my private information. So far this site seems to forgets me when I disable JavaScript, but maybe it just can't display the proper number. This is old news. http://en.wikipedia.org/wiki/Evercookie Regards Ansgar Wiechers -- All vulnerabilities deserve a public fear period prior to patches becoming available. --Jason Coombs on Bugtraq *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Undeletable cookies
Thus spake Irratar (irrata...@gmail.com): Hello. I have just found a site that can recognize me when I re-accessed it after I deleted all private data, toggled Torbutton and restarted Tor. http://samy.pl/evercookie/ This is news to me. Are you using the default Torbutton settings? When we tested this in the past, Torbutton was protecting against it. I also just tested it now, and it did not recover my cookie. Perhaps one of your other addons betrayed you? Did you enable plugins? Or perhaps you have a misconfigured polipo storing these cookies in its cache? The Tor Browser Bundles are a good way to ensure you have a properly configured, vanilla Tor setup. Of course, it isn't a Tor problem, but I think it's better to know for these who are interested in privacy. many sites may use the same technology stealthy. I will try to discover more about how does it keep my private information. So far this site seems to forgets me when I disable JavaScript, but maybe it just can't display the proper number. Actually, web application layer privacy attacks *are* a Tor issue. We try very hard to protect against them: https://www.torproject.org/torbutton/en/design/#adversary -- Mike Perry Mad Computer Scientist fscked.org evil labs pgp45LsHkPuZg.pgp Description: PGP signature
Re: Undeletable cookies
On Fri, 18 Feb 2011 04:39:39 -0800 Mike Perry mikepe...@fscked.org wrote: Thus spake Irratar (irrata...@gmail.com): Hello. I have just found a site that can recognize me when I re-accessed it after I deleted all private data, toggled Torbutton and restarted Tor. http://samy.pl/evercookie/ This is news to me. Are you using the default Torbutton settings? When we tested this in the past, Torbutton was protecting against it. I also just tested it now, and it did not recover my cookie. Perhaps one of your other addons betrayed you? Did you enable plugins? Or perhaps you have a misconfigured polipo storing these cookies in its cache? The Tor Browser Bundles are a good way to ensure you have a properly configured, vanilla Tor setup. Of course, it isn't a Tor problem, but I think it's better to know for these who are interested in privacy. many sites may use the same technology stealthy. I will try to discover more about how does it keep my private information. So far this site seems to forgets me when I disable JavaScript, but maybe it just can't display the proper number. Actually, web application layer privacy attacks *are* a Tor issue. We try very hard to protect against them: https://www.torproject.org/torbutton/en/design/#adversary I think this is the result of #1968. https://trac.torproject.org/projects/tor/ticket/1968 signature.asc Description: PGP signature
Where is vidalia config file?.MacOSX.
I compiled/installed vidalia-0.2.10 from sources but I cannot find the vidalia configuration file(on Linux vidalia.conf) so I can change some things not available from the vidalia GUI interface.
Re: Where is vidalia config file?.MacOSX.
Assuming you have it installed in the normal location, it is at /Applications/Vidalia.app/Contents/Resources/vidalia.conf. If you have any questions about how to get there, feel free to message me. All the best, Joel Knighton On Friday, February 18, 2011 at 12:52 PM, Luis Maceira wrote: I compiled/installed vidalia-0.2.10 from sources but I cannot find the vidalia configuration file(on Linux vidalia.conf) so I can change some things not available from the vidalia GUI interface.
Re: Where is vidalia config file?.MacOSX.
On Fri, Feb 18, 2011 at 10:52:57AM -0800, luis_a_mace...@yahoo.com wrote 0.9K bytes in 17 lines about: : I compiled/installed vidalia-0.2.10 from sources but I cannot find the vidalia configuration file(on Linux vidalia.conf) so I can change some things not available from the vidalia GUI interface. It's in ~/Library/Vidalia or /Users/username/Library/Vidalia. -- Andrew pgp key: 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/