[tor-dev] Improving Private Browsing Mode/Tor Browser

Georg Koppen g.koppen at jondos.de
Sun Jul 10 13:00:14 UTC 2011


> However, when performed by the exits, this linkability is a real
> concern. Let's think about that. That sounds more like our
> responsibility than the browser makers. Now I think I see what Georg
> was getting at. We didn't mention this because the blog post was
> directed towards the browser makers.

Well, my idea was not that sophisticated but yes, it belongs to the
passive attacks available to exit mixes I generally had in mind (and I
agree that the current domain-based proposal makes it way harder for an
active mix attacker). My example used just one session. And I still
would claim that even this gives an exit mix means to track users during
the 10 minutes (and later if the user happens to get the same exit mix
again within the same browsing session). If this is true do you mean
that it is just not worth the effort or is to difficult to explain to
the user (as it is highly probably that avoiding this kind of tracking
implies breaking some functionality in the web (a kind of tab separation
would be necessary but not sufficient))?

Georg



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20110710/3754aedc/attachment.pgp>


More information about the tor-dev mailing list