Flash Cookies and Tor.
Matthew
pumpkin at cotse.net
Mon Aug 2 07:11:05 UTC 2010
On 31/07/10 02:43, andrew at torproject.org wrote:
> On Fri, Jul 30, 2010 at 11:27:27PM +0100, pumpkin at cotse.net wrote 1.5K bytes in 29 lines about:
>> OK, to continue this - in the past I did use Tor with Flash enabled after
>> having Flash cookies on the hard drive from surfing when I was not using
>> Tor. In your opinion, is it likely that some websites would use these
>> Flash cookies to realise that the person surfing with Tor is the same
>> person who was surfing days / weeks / months earlier when not using Tor?
>> Would they then be able to connect non-Tor IPs to the person currently
>> using Tor (me)?
> Yes.
> http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
>
I had not read this article before but I had read EPIC's analysis of flash
cookies: http://epic.org/privacy/cookies/flash.html
I had also read the scholarly article here:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
None of these three articles mention IP addresses. Am I to assume that it
is a given that the flash component of Gmail will automatically grab the IP
address (when connecting in a non-Tor state) and then connect that IP to
the IP addresses that connected in a Tor state through the flash cookie
(providing flash is on when connecting in a Tor state).
In other words do you think IP addresses are not mentioned in these
articles because a) it is taken as a given that the flash cookie is used to
determine the "real" IP or b) because it is not actually guaranteed that IP
addresses will be connected through flash cookies?
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list