Hi, intrigeri: > Do you plan to research this matter further?
Not sure how I could. Long story: I considered liferea for Whonix a while ago. Discovered there are cookies. I asked the liferea devs if cookies can be disabled... https://sourceforge.net/mailarchive/forum.php?thread_name=508C21F9.2080705%40gmail.com&forum_name=liferea-devel >> Can cookies be disabled in liferea? > No. There is no setting to prevent the embedded Webkit from using cookies. Then I saw that you have it in Tails and thought you may have some more information. Now after thinking about again, I am asking myself the following question: Which information could the feed website gather through the cookie? (Stream isolation assumed.) (Assumed a feed can only read it's own cookies.) 1) There is an anonymous connection which can be tied down to a pseudonym (by cookie). Let's call it Anonuser1. 2) The feed website can log the time and how often a feeds is fetched by Anonuser1. 3) The feed website can estimate how many anonymous users (persistence in Tails or in Whonix) exist in total. What's the information worth? 1) Nothing. 2) Some relevance for marketing, what interests anonymous people. No privacy risk. 3) Some relevance for marketing, what interests anonymous people. No privacy risk. Do I miss something? On the other hand if an adversary tells someone to sign up for a prepared feed, tracking of a pseudonymous user would be possible. After these questions are discussed also deleting the cookies before starting liferea or better before fetching (if it's possible to hook this), periodically deleting the cookies or hacking liferea otherwise could be considered. I also volunteer to communicate on liferea mailing list. Cheers, adrelanos _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
