Thus spake Eric H. Jung ([EMAIL PROTECTED]):

> Hello Michaels,
>
> I apologize for the delayed reply. Please don't interpret the delay as
> a lack of interest--it surely isn't.
>
> Quoting Mike Perry:
> >Just clearing cookies every time there is a switch is not enough if
> >there is an automatic Tor filter in place.
>
> >The problem is that yahoo can custom-generate its links to DoubleClick
> >so they encode your email address (dunno if they do do this, but I'm
> >sure some sites and ad partners do). Therefore identifying information
> >is sent independent of the cookie."
>
> I hope you'll both agree there's nothing FoxyProxy can do about this.
> Unless you have a striking revelation which could solve the problem
> programmatically, I'm just going to add this to the FoxyProxy FAQ as a
> "be careful" warning in an attempt to educate.

Depending on the flexibility of XPCOM, it should be possible to solve
this problem programmatically (but it is error-prone).

I probably should summarize everything from this thread again just so
you have it all in one place:

The way to solve the problem is to make sure that all embedded object
links are in fact loaded through the active proxy for the parent
tab/page. This includes frames, iframes, css, js, images, java, flash,
and other misc plugin objects. Probably some other stuff too. So long as
the 'evil' link-object is loaded through Tor, the problem is solved. The
assumption is that the information encoded in the link isn't
compromising by itself, but that the danger is that the browser will
autoload the link in the clear and thus your real IP will be in that
server's logs associating you with your Torrified email account.

Also, because of accidental clicks, phishing attacks, and referrer URLs,
user-followed links should also be protected. Pretty much anything the
user follows from a protected, proxied page should inherit that page's
proxy settings (including links followed by opening them in a new
tab/window).

Lastly, as Michael pointed out, you have to clear all cookies every time
a proxy switch is done (mega bonus points for a mechanism to protect
certain cookies from deletion a la http://cookieculler.mozdev.org/). If
you do not do this, a cookie accessed from an ad banner displayed while
you are visiting a site in the clear can be transmitted again when you
access your email account through Tor, thus ruining your pseudonymity
against an adversary with access to the ad server's data (assume
everyone). The reverse is also possible, so cookies have to be cleared
in each direction of the switch.

Even with all these countermeasures, the type of filter where you
specify only untrusted/Tor sites is error-prone and should carry heavy
warnings for people who truly need anonymity, and needs to be tested
heavily by vigilant people with a wide variety of usage habits.

I do think that it should be possible to build such a filter though. And
it would be very very nice to have.

> I forgot to mention that if a URL doesn't match any patterns defined
> in FoxyProxy, FoxyProxy *does not* default to a direct
> connection. Instead, it defaults to whatever proxy
> (if any) has been defined in Firefox's Connection Settings.
>
> By defining Tor as the proxy in Firefox's Connection Settings, Tor
> is used as a "catch-all" for non-matches.
>
> I'll shortly be adding blacklist capability to FoxyProxy (it already
> has whitelist ability). That, in conjunction, with the above
> "catch-all", should provide enough ingredients to come up with some
> safe recipe for some of the problems both of you describe, no?

Yes, inverting the filter so that you list only sites that you trust to
connect to in the clear is a much safer option (and much easier to
implement!), but my guess is that it will be much less popular than the
ability to specify the sites you only want to visit through Tor (i.e.
gmail/yahoo/.onion). Therein lies the dilemma.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
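
The routing and cookie rules summarized in the message above, as an added example that is not part of the original thread and is not FoxyProxy or Firefox code. It is a small JavaScript model; the hosts, the pattern list, the request objects and the Browser class are all hypothetical.

```javascript
// Added illustration: a hypothetical model, not FoxyProxy or Firefox code.
// Hosts, patterns and cookie values below are constructed samples.
const TOR = "tor", DIRECT = "direct";
const torPatterns = [/(^|\.)mail\.example$/, /\.onion$/];

// Per-URL pattern match, the way a "list only the Tor sites" filter decides.
function matchByUrl(url) {
  const host = new URL(url).hostname;
  return torPatterns.some((p) => p.test(host)) ? TOR : DIRECT;
}

// Naive policy: each request is judged on its own URL only.
function naiveRoute(req) {
  return matchByUrl(req.url);
}

// Inheriting policy: embedded objects and followed links take the proxy of
// the page they came from; Tor is sticky down the whole chain.
function inheritingRoute(req) {
  if (req.parent && inheritingRoute(req.parent) === TOR) return TOR;
  return matchByUrl(req.url);
}

// Browser state: one cookie jar, wiped whenever the route changes, in
// either direction of the switch.
class Browser {
  constructor(policy) {
    this.policy = policy;
    this.route = null;
    this.cookies = new Map(); // host -> cookie value
    this.log = [];            // what each server saw: {host, route, cookie}
  }
  fetch(req) {
    const route = this.policy(req);
    if (this.route !== null && route !== this.route) this.cookies.clear();
    this.route = route;
    const host = new URL(req.url).hostname;
    this.log.push({ host, route, cookie: this.cookies.get(host) ?? null });
    if (!this.cookies.has(host)) this.cookies.set(host, "id-" + this.log.length);
    return route;
  }
}

// Constructed scenario: a webmail page embedding an ad link that encodes the user.
const mailPage = { url: "https://mail.example/inbox", parent: null };
const adImage = { url: "https://ads.example/b.gif?u=alice", parent: mailPage };
```

Under naiveRoute the ad request leaves in the clear even though the mail page itself went through Tor; under inheritingRoute it follows its parent, and the jar wipe keeps a cookie set during direct browsing from being replayed over Tor.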

