Package: epiphany-browser
Version: 3.13.90-1
Severity: normal

the "--private-instance" mode of epiphany allows tracking a user across different sessions, as can be shown using the evercookie website[1] by invoking `epiphany -p`, going to the site, "create an evercookie", closing the browser, invoking `epiphany -p` again, going there again and clicking "rediscover cookies".

i would originally have reported this as security critical (earlier, -p was described as "private browsing"), but now that epiphany has more options (including --incognito-mode and --netbank-mode which i didn't find documentation on), it is not clear any more whether -p is supposed to invoke the expectancy of private browsing, so the updated bug issue is:

for the --private-instance option, it is not clear from either --help or the man page whether a user can expect to be as unrelated to his other browsing behavior as can be expected from a web browser (e.g. i'd expect that there is no cross-session persistence, but wouldn't expect tor-like anonymization).

[1] http://samy.pl/evercookie/

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages epiphany-browser depends on:
ii  dbus-x11  1.8.8-1
ii  epiphany-browser-data  3.13.90-1
ii  gnome-icon-theme  3.12.0-1
ii  gnome-icon-theme-symbolic  3.12.0-1
ii  gsettings-desktop-schemas  3.12.2-1
ii  iso-codes  3.56-1
ii  libatk1.0-0  2.12.0-1
ii  libavahi-client3  0.6.31-4
ii  libavahi-common3  0.6.31-4
ii  libavahi-gobject0  0.6.31-4
ii  libc6  2.19-11
ii  libcairo-gobject2  1.12.16-5
ii  libcairo2  1.12.16-5
ii  libgcr-base-3-1  3.12.2-1
ii  libgcr-ui-3-1  3.12.2-1
ii  libgdk-pixbuf2.0-0  2.30.8-1
ii  libglib2.0-0  2.41.4-1
ii  libgnome-desktop-3-10  3.12.2-2
ii  libgtk-3-0  3.13.8-1
ii  libjavascriptcoregtk-4.0-18  2.5.3+dfsg1-1
ii  libnotify4  0.7.6-2
ii  libnspr4  2:4.10.7-1
ii  libnspr4-0d  2:4.10.7-1
ii  libnss3  2:3.17-1
ii  libnss3-1d  2:3.17-1
ii  libpango-1.0-0  1.36.7-1
ii  libpangocairo-1.0-0  1.36.7-1
ii  libsecret-1-0  0.18-1
ii  libsoup2.4-1  2.46.0-2
ii  libsqlite3-0  3.8.6-1
ii  libwebkit2gtk-4.0-37  2.5.3+dfsg1-1
ii  libwnck-3-0  3.4.9-1
ii  libx11-6  2:1.6.2-3
ii  libxml2  2.9.1+dfsg1-4
ii  libxslt1.1  1.1.28-2

Versions of packages epiphany-browser recommends:
ii  ca-certificates  20140325
ii  evince  3.12.2-1
ii  yelp  3.12.0-1

epiphany-browser suggests no packages.

-- no debconf information

-- 
To use raw power is to make yourself infinitely vulnerable to greater powers.
  -- Bene Gesserit axiom