On 31/07/10 02:43, and...@torproject.org wrote:
On Fri, Jul 30, 2010 at 11:27:27PM +0100, pump...@cotse.net wrote 1.5K bytes in
29 lines about:
OK, to continue this - in the past I did use Tor with Flash enabled after
having Flash cookies on the hard drive from surfing when I was not using
Tor. In your opinion, is it likely that some websites would use these
Flash cookies to realise that the person surfing with Tor is the same
person who was surfing days / weeks / months earlier when not using Tor?
Would they then be able to connect non-Tor IPs to the person currently
using Tor (me)?
Yes.
http://www.eff.org/deeplinks/2009/09/new-cookie-technologies-harder-see-and-remove-wide
I had not read this article before but I had read EPIC's analysis of flash
cookies: http://epic.org/privacy/cookies/flash.html
I had also read the scholarly article here:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
None of these three articles mention IP addresses. Am I to assume that it
is a given that the flash component of Gmail will automatically grab the IP
address (when connecting in a non-Tor state) and then connect that IP to
the IP addresses that connected in a Tor state through the flash cookie
(providing flash is on when connecting in a Tor state).
In other words do you think IP addresses are not mentioned in these
articles because a) it is taken as a given that the flash cookie is used to
determine the "real" IP or b) because it is not actually guaranteed that IP
addresses will be connected through flash cookies?
***********************************************************************
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/