On Mon, Jun 22, 2015 at 07:15:24PM -0500, Joe Btfsplk wrote: > Is that actually true? (they can track you over various exits) > Is that what the design document says?
Tor can't protect you, if your browser emits cookies or information about cached content back to an entity that operates global scale cdn or services: Lets make it easy: You are you (joe) and there is google (gog) and cloudflare (clo): You are ordering pizza via tor-exit1 (tex1) and watch some cats while eating that pizza on tor-exit2 (tex2). In your first session, you request content, a picture of said pizza from a cdn (clo) and with that request comes caching information and cookies from (clo) along with that picture. (clo) knows you now as an entity, you are emitting cookies back to (clo) with every use of his cdn. Lets assume the pizza service uses a website analytics service from (gog) under the premise of customer statisfaction: Your browser, requests 1x1pixel from that service, with that pixel comes another cookie, you are now knowm to (gog) as an pizza eating entity too. Every time you visit another site using (gog) analytics, you are the same pizza eating entity. Its time to go to the loo, and the pizza is delivered. The tor-client did his awesome job and has build new circuits, (joe) is know using (tex2). So, whats better than pizza? Pizza and cats: (joe) requests a embedded catmovie from some catmovie site, bad for him the catmovie is delivered via (clo) cdn, the browser adds the cookie to the request and (clo) adds that information to the record they startet about you earlier. Unfortunately catmovies uses the (gog) analytics service too (because its free, so who would mind), and (gog) gets their cookie back from earlier. Sorry to say, I am under the impression, you have watched to much VPN advertising, if it comes to your browser, your ip is no longer of interest. You really should get rid of that misconception that you are a ip address or somebody uses ip address to track people, since the inception of tor and vpn networks thats plain stupid. If you don't like to third parties from knowing that you are into the cat thing, the right thing to do would to use your browser to order pizza and using TBB to watch cats - that works. > But, many Tor Browser users seem to question allowing all scripts by > default - including 3rd party. That example works with plain http or https, were https is recommended while using tor. There was no active content involved. > On the _latter point_, I'm not as technically advanced as many on this > list, to fully understand ALL subtleties in the design document. It gets nasty and scary with active content involved, tor is only a network, it can hide your ip, but thats not always the solution. > On the _latter point_, I'm not as technically advanced as many on this > list, > to fully understand ALL subtleties in the design document. If one only has one tool, lets say a hammer, one tends to see every problem as nail, thats what you are doing. Please consider which parts of your personal habits and needs you like to expose in which way. So order pizza with your whatever browser and do the lewd cats thing with TBB. I know, not very convenient, but privacy or anonymity aren't avaliable in a convenient way anymore. Your ip has nothing to do with that anymore. That said, it isn't impossible. I still try to convice site owners to respect visitors and not exclude, track or sell their anonymity or privacy for some funky graphs. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk