I can see a siteA or adnet recognizing a unique is visiting them by watching your ad pulling profile, especially if you customized it. I can see adnet maybe knowing you're the same user on siteA and siteB. I can maybe even see siteA knowing you're the same user on siteB if the sites share intel with adnet. I can see an exit knowing these things through similar active/passive means that the adnets might use.
I think these four are all possible right? In practice guess is that people would be more at risk of tracking by not being session careful and using ctrl-shift-del-everything [1]. But in any case, I thought the purpose of TBB was to end torbutton in conjunction with FF ESR releases to have the resource to make the changes to FF that Mozilla was not willing, or delays in, doing... and to do it in the one place where they would seem to natively belong, the browser, rather than torbutton. And to send those changes back upstream to Mozilla. I did not get the sense TBB was to do that for addons. Given that the fingerprinting being covered in this thread still doesn't give away your real identity unless you chose to provide it to one of the sites/adnets, back to the original topic... People use these plugins because they: - Hate ads - On Tor, it is often more than just noticeably faster. Not just in reducing bandwidth and connections, but in page rendering timeouts and incomplete pages when adservers don't respond. - May even make you less trackable by not ingesting so many cross-site cookies in the first place. For many people, those benefits outweigh the talked about risks. So install them if you like. But I don't think it's right to ask torproject to install the plugin of the day as a convenience factor. Or to maintain its own version of a plugin unless its vulnerabilities are at least as high as its demand, and the upstream won't fix it. [1] TBB could get rid of the annoying 'OK' prompt in the pop up for that, thus going back to the old immediate way it took effect in the past. Some sort of status bar flash when the clearing completes would be useful. So would doing the clearing async. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
