Thus spake Georg Koppen (g.kop...@jondos.de):
> > Can you provide specific concerns about facebook wrt the properties
> > from the blog post?
>
> Not yet, no. I am not a Facebook user and have therefore to look at
> research papers investigating it. And the things I read e.g. in
> http://www.rese
>>> What technical properties of the web make such services impossible to
>>> use?
>>
>> The web is not the right object to reason about here. The more
>> interesting question would be "What technical properties of a service
>> make it impossible to get used anonymously?" That remains to be
>> res
Thus spake Georg Koppen (g.kop...@jondos.de):
> >> That is definitely a good approach. But maybe there is research to be
> >> done here as well. Just a rough (and in part research) idea that I had
> >> in mind while asking you the question above: What about if we first
> >> started looking at diff
>> That is definitely a good approach. But maybe there is research to be
>> done here as well. Just a rough (and in part research) idea that I had
>> in mind while asking you the question above: What about if we first
>> started looking at different services offered in the web whether they
>> can b
> I'm confused now. You're basically just talking about cookies, cache,
> and other stored identifiers at this point, right?
Yes.
> Single-site linkability due to information the user has provided to
> the website is outside of Tor's threat model. That is what https is
> for (and also why we ship
Thus spake Georg Koppen (g.kop...@jondos.de):
> > Hence, I tend to make decisions in favor of the usability direction
> > over minor details, especially ones that don't really prevent bad
> > actors/adversaries from accomplishing their goals.
>
> That is definitely a good approach. But maybe ther
Thus spake Georg Koppen (g.kop...@jondos.de):
> > However, when performed by the exits, this linkability is a real
> > concern. Let's think about that. That sounds more like our
> > responsibility than the browser makers. Now I think I see what Georg
> > was getting at. We didn't mention this beca
>> Hmmm... If that is the answer to my questions then there is nothing like
>> avoiding getting tracked by exit mixes in the concept offered in the
>> blog post. Okay.
>
> That is not entirely true. Because identifiers would be linked to
> top-level urlbar domain, gone are the days where exits cou
> However, when performed by the exits, this linkability is a real
> concern. Let's think about that. That sounds more like our
> responsibility than the browser makers. Now I think I see what Georg
> was getting at. We didn't mention this because the blog post was
> directed towards the browser ma
Thus spake Robert Ransom (rransom.8...@gmail.com):
> On Thu, 23 Jun 2011 11:19:45 -0700
> Mike Perry wrote:
>
> > So perhaps Torbutton controlled per-tab proxy username+password is the
> > best option? Oh man am I dreading doing that... (The demons laugh
> > again.)
>
> If you do this, you will
On Thu, 23 Jun 2011 11:19:45 -0700
Mike Perry wrote:
> So perhaps Torbutton controlled per-tab proxy username+password is the
> best option? Oh man am I dreading doing that... (The demons laugh
> again.)
If you do this, you will need to give the user some indication of each
tab's ‘compartment’,
Thus spake Robert Ransom (rransom.8...@gmail.com):
> On Thu, 23 Jun 2011 10:10:35 -0700
> Mike Perry wrote:
>
> > Thus spake Georg Koppen (g.kop...@jondos.de):
> >
> > > > If you maintain two long sessions within the same Tor Browser Bundle
> > > > instance, you're screwed -- not because the ex
Thus spake Mike Perry (mikepe...@fscked.org):
> Thus spake Robert Ransom (rransom.8...@gmail.com):
>
> > On Thu, 23 Jun 2011 10:10:35 -0700
> > Mike Perry wrote:
> >
> > > Thus spake Georg Koppen (g.kop...@jondos.de):
> > >
> > > > > If you maintain two long sessions within the same Tor Browse
On Thu, 23 Jun 2011 10:10:35 -0700
Mike Perry wrote:
> Thus spake Georg Koppen (g.kop...@jondos.de):
>
> > > If you maintain two long sessions within the same Tor Browser Bundle
> > > instance, you're screwed -- not because the exit nodes might be
> > > watching you, but because the web sites' l
Thus spake Georg Koppen (g.kop...@jondos.de):
> > If you maintain two long sessions within the same Tor Browser Bundle
> > instance, you're screwed -- not because the exit nodes might be
> > watching you, but because the web sites' logs can be correlated, and
> > the *sequence* of exit nodes that
Thus spake Georg Koppen (g.kop...@jondos.de):
> >> And why having again add-ons that can probably be toggled on/off and
> >> are thus more error-prone than just having an, say, Tor anon mode?
> >> Or is this already included in the Tor anon mode but only separated
> >> in the blog post for explana
> Additionally, we expect that fingerprinting resistance will be an
> ongoing battle: as new browser features are added, new fingerprinting
> defenses will be needed. Furthermore, we'll likely be inclined to
> deploy unproven but better-than-nothing fingerprinting defenses (so
> long as they don't
> If you maintain two long sessions within the same Tor Browser Bundle
> instance, you're screwed -- not because the exit nodes might be
> watching you, but because the web sites' logs can be correlated, and
> the *sequence* of exit nodes that your Tor client chose is very likely
> to be unique.
A
Thus spake Georg Koppen (g.kop...@jondos.de):
> Thus, first I am not sure about the relationship of the improved private
> browsing and the anon mode. It seems like the former is kind of
> precondition of the latter and the latter adds some special anon
> features (or just layout stuff??): "We wou
On Wed, 22 Jun 2011 22:30:40 +0200
Georg Koppen wrote:
> Sticking to the blog post (one of) its central idea seems to be to
> isolate the identifiers and state to the top-level domain in the URL bar
> as "activity in Tor Browser on one site should not trivially
> de-anonymize their activity [i.e.
After reading Mike's blog post and the material contained in it (via
links) I thought it would be helpful to start a discussion about it.
First of all thanks for explaining the idea of improving the private
browsing mode. That aim seems worthwhile but I want to focus more on the
needs for high anony
21 matches