This excerpt from the article describes the risk well.

> In Firefox Private Browsing mode, the identifier can also persist after all private windows are closed, as long as the Firefox process remains running. In Tor Browser, the stable identifier persists even through the "New Identity" feature, which is designed to be a full reset that clears cookies and browser history and uses new Tor circuits.

reply
I wonder why "New Identity" wasn't implemented as a fork-and-exec with a newly created profile?
reply
Follow the money.
reply
Or it could just be a bug.
reply
Seriously. Tor is primarily funded by the US government. Maybe this or not all bugs are deliberately left in for the sake of allowing backdoors, but people should not forget this.
reply
This is where you use id bridging.

1. Website fingerprints the browser, stores a cookie with an ID and a fingerprint.

2. During the next session, it fingerprints again and compares with the cookie. If the fingerprint changed, notify the server about the old and new fingerprints.

reply
Many users leave their browsers open for months.
reply
Privacy and security conscious Tor users don’t.
reply
Open enough tabs and you'd be lucky to keep Firefox running for more than a couple weeks.
reply
I have had hundreds of tabs open for many months in the past. The bottleneck is usually the OS crashing rather than Firefox.
reply
I have 488 tabs in the session with more than 50 loaded. The running session has 72 processes.
reply
Would it though? I guess state agencies already know all nodes or may know all nodes. When you have a ton of meta-information all cross-linked, they can probably identify people quite accurately; may not even need 100% accuracy at all times and could do with less. I was thinking about that when they used information from any surrounding area or even sniffing through walls (I think? I don't quite recall the article but wasn't there an article like that in the last 3-5 years? The idea is to amass as much information as possible, even if it may not primarily have to do with solely the target user alone; e.g. I would call it "identify via proxy information").
reply
> I guess state agencies already know all nodes or may know all nodes.

Assume the same.

> The idea is to amass as much information as possible

Reminded, from 2012: https://www.wired.com/2012/03/ff-nsadatacenter/

reply
All Tor nodes are publicly known. Just knowing them doesn't help tracking at all because of onion routing; they would need access to all nodes.

https://metrics.torproject.org/rs.html

reply