Thus spake [EMAIL PROTECTED] ([EMAIL PROTECTED]): > >Unique > >identifiers can be handed to the ad sites that will associate the > >torrified email account access with the non-torrified ad server > >access. > > True, but I don't see how this is a result of FoxyProxy. IOW, doesn't > this problem exist when using Tor exclusively without FoxyProxy? > > >Does XPCOM allow you to solve this problem somehow? > > I'm not sure I fully understand the problem yet (please elaborate),
So the problem is that a motivated adversary can subpoena or simply ask DoubleClick to hand over their IP/cookie logs. If you are using Tor for /everything/, then what they get from DoubleClick for that email address is just a Tor IP, no harm no foul. However, if the user had set up a filter that only sends *yahoo.com through Tor, then DoubleClick will have their /real IP/ on file in association with whatever unique ID yahoo passed for that email address, even though yahoo's records show only the Tor IP. See the problem? > but if you're asking whether XPCOM allows one to use a proxy on/off > based on a page and all its components (images, css files, js files), the > answer is yes. Yes, excellent. That is the property that is needed. If you use that level of control, you are fine. Incidentally, the problem above can happen with ftp://, gopher:// and whatever other protocol the browser might accept, so make sure you are updating all proxy settings for each page. -- Mike Perry Mad Computer Scientist fscked.org evil labs
