On Mon, Jan 26, 2015, at 01:51 PM, PaulD wrote: > I have reason to believe that it is possible to deanonymize an orbot > user using the verizon supercookie. Possibly other "supercookies" as > well.
Can you confirm that Orweb is working properly on your device, by visiting https://check.torproject.org ? Also, can you tell me more about the device/OS version? > Provided that: > (a) the phone is communicating on mobile data, not wifi > (b) user visits an http page (not https) > (c) no other anonymity tools such as vpns stand in the way. > > Unclear whether root permissions matter. My phone is NOT rooted. > > My sample size is really small. just my phone. With that said, it seems > that it is possible to deanonymize a pretty big chunk of tor users, > without serious effort. > > The bottom line is that I visited the "do you have the verizon > Supercookie" website with orweb, and it appears that I do. > > http://lessonslearned.org/sniff -- Nathan of Guardian [email protected] _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
