Feature #5611

Fight evercookies

Added by Tails 2013-07-18 07:43:30 . Updated 2013-07-19 01:48:05 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

The web browser in Tails 0.9 was subject to evercookies, both after closing the browser and after using Torbutton’s new identity feature: test site.

We should test if the TBB has the same problem, and possible solutions.

Testing reports

0.10.2

iceweasel 10.0.2, noscript 2.1.4-1, torbutton 1.4.5.1-1

samy.pl

Upon cookie creation, this website once reports it manages to store identifying bits in (cookieData, windowData, pngData, etagData, pngData).

  • Clicking the Torbutton New identity button => the website is kinda reliably able to rediscover the cookie.
  • Restarting the browser => the website is not able to rediscover the cookie.

pre-0.11 experimental branch

iceweasel 11, noscript 2.1.4-1, torbutton 1.4.5.1-1

samy.pl

Upon cookie creation, this website reports it manages to store identifying bits sometimes in (cookieData, windowData, pngData), sometimes in (cookieData, pngData, cacheData).

  • Clicking the Torbutton New identity button => the website generally is not able to rediscover the cookie, but it was once: buggy test?
  • Restarting the browser => the website is not able to rediscover the cookie.

in 0.10.2 and later.

Subtasks

History

#1 Updated by intrigeri 2013-07-19 01:48:05

  • Type of work set to Code

Type of work: Code