browser fingerprinting - panopticlick
7v5w7go9ub0o
7v5w7go9ub0o at gmail.com
Sun Jan 31 01:40:35 UTC 2010
Mike Perry wrote:
[]
>
> The reason why Torbutton didn't opt for the same origin policy method
> is because Tor exit nodes can impersonate any non-https origin they
> choose, and query your history or store global cache identifiers
> that way. It was basically all or nothing for us.
Ah......... makes sense.
>
> But yes, it would be nice if Colin Jackson and company kept
> SafeHistory and SafeCache updated for regular users. Sadly they seem
> to have forgotten about it. I wonder if anyone will make a fork and
> update it.
>
IIRC, they were also concerned about the "wild west" of FF internal
extension management - that a bad guy can wreak havoc in there (of course,
Torbutton has done that to our benefit :-) ).
Given the implications of panopticlick, have you any interest/plans in
making Torbutton fingerprints even more indistinguishable (e.g. give
every user a windows I.E. fingerprint)
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list