Hey, Dnia Monday, September 18, 2017 12:27:21 PM CEST jes...@gmail.com pisze: > My only concern is working to ensure that to an outside observer such as > webservers and ad networks nothing short of the shared IP address (and via > Tor or VPN or different IPs honestly allocated to different domains perhaps > not even that) can act as a reliable indicator that web browsing activity in > one Qubes security domain is "linked" to activity from another security > domain via any secretly stored cookie-like reference identifiers that get > somehow leaked across domains.
Right. > For example: if I browse to a Flash or Silverlight website using Browser X > in my [untrusted] domain, would those plugins be able to store any kinds of > LSOs or HTML5 local storage or cached E-tags or anything else deep enough > into the system backend that they could pull them back out again in my > [work] domain when I browse back to that same site again? > (...) As far as I understand, the answer for Qubes is "this should absolutely not happen", but the Qubes developers should probably weigh-in on that. I for one would find a "how deep does the rabbit-hole get here" discussion on this very informative. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to email@example.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3904660.0aLW21G1cK%40lapuntu. For more options, visit https://groups.google.com/d/optout.
Description: This is a digitally signed message part.