Thanks for your answer, and I always do a complete "Clear Private Data" in Firefox or Torpark before closing and switch to the other. Then no cookies left over to the next. BTW, the question was more of a possible collecting of identical data by both cookie-sessions.
Torpark is inside a own folder on my drive, the regular Firefox is in it´s standard default installation folder. On Thu, 6 Apr 2006 01:09:03 -0500, "Mike Perry" <[EMAIL PROTECTED]> said: > Thus spake Total Privacy ([EMAIL PROTECTED]): > > > Two hypothetical examples: > > > > 1. > > I?m using the normal Firefox (without Tor) with cookies enabled > > to log in on Yahoo email to make some stuff as my real identity. > > Then I close the normal Firefox and start Torpark Firefox with > > cookies enabled to log in on another Yahoo email to make some > > stuff as an fake identity. Now the question is, are the cookies > > capable to retrieve some unique information about my computer, > > that later is comparable at Yahoo head quarter, to figure out > > this two different Yahoo webmail accounts was actually runned > > from one same computer? > > That depends on your profile directory.. If torpark and firefox are > sharing the same profile, cookies will be shared. If they are sharing > profiles, extensions probably will be shared also. > > An easy to check this without devling through arcane browser settings > is to install a cookie monitoring extension. I really like Add N' Edit > cookies myself. You can search for yahoo via each browser and make > sure no cookies are cross-populating. > > > 2. > > The same base as in the example 1 above, but with the difference > > that no cookies enabled anywhere and the webmail account is at > > Fastmail with complete https connection for everything. Now the > > question is, are there some unique properties by my computer?s > > https handling that appear the same on the Fastmail head quarter > > to make sure the two webmail accounts was runned from the one > > same computer? > > I think that unless you have installed a client certificate, there > should be no identifying information in an SSL handshake. If you do > have a client certificate installed (you will know if you do), I think > the client only uses it if the server requests it. > > -- > Mike Perry > Mad Computer Scientist > fscked.org evil labs -- http://www.fastmail.fm - A no graphics, no pop-ups email service
