Mike Perry writes: > Thus spake Seth David Schoen ([email protected]): > > > > Hi, > > > I don't understand, too and in my opinion, this is utter nonsense. I'm > > > not aware of any negative impacts on privacy due to the usage of > > > https://, > > > > Session resumption can be used to recognize an individual browser > > that connects from different IP addresses, or even over Tor. This > > kind of recognition can be perfect because the resumption involves > > a session key which is large, random, and could not legitimately > > have been known to any other browser. :-( > > This is not true if the user is using Torbutton. See the paragraph > about security.enable_ssl2 in: > https://www.torproject.org/torbutton/en/design/#browseroverlay
Sorry, I only wanted to point out that the use of HTTPS in general does create this tracking mechanism (and that Tor and other TCP-level proxies won't remove it by themselves). Your thoroughness in dealing with details like this is a tremendous argument for always using Torbutton. -- Seth Schoen Senior Staff Technologist [email protected] Electronic Frontier Foundation https://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
