Delivery-Date: Sat, 23 Apr 2016 15:03:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id CDDB01E03F4;
	Sat, 23 Apr 2016 15:03:40 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 0DC1B3A8B1;
	Sat, 23 Apr 2016 19:03:37 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 649773A819
 for <tor-talk@lists.torproject.org>; Sat, 23 Apr 2016 19:03:33 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id MxHlQTSFhgNW for <tor-talk@lists.torproject.org>;
 Sat, 23 Apr 2016 19:03:33 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id DD3C53A720
 for <tor-talk@lists.torproject.org>; Sat, 23 Apr 2016 19:03:32 +0000 (UTC)
Received: from [192.168.2.62] ([99.190.181.188]) by mail.gmx.com (mrgmx003)
 with ESMTPSA (Nemesis) id 0LjZhg-1bQukb09I8-00bZEI for
 <tor-talk@lists.torproject.org>; Sat, 23 Apr 2016 21:03:29 +0200
To: tor-talk@lists.torproject.org
References: <1461417342.6149.17.camel@pentium.freedom.box>
From: Joe Btfsplk <joebtfsplk@gmx.com>
Message-ID: <571BC6FE.5080205@gmx.com>
Date: Sat, 23 Apr 2016 14:03:26 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <1461417342.6149.17.camel@pentium.freedom.box>
X-Provags-ID: V03:K0:J4zpK+i5pikRmvRD6uxqvSZR0+CyxN50vagk/RiiGNpq0twmGGf
 ZkNAhpWONZ3wai71fuwPvx6/pO72w746gVzWR87tO6wAKDL0DmckDqN3GnBV5scvRDmX9Oa
 6Txf64BqZ2vOFuKAwf2WrWc2msaE/33jb9LvG3kAv7B33BMpY5KBy6eCIKxC7JaLCJSaEQc
 YmMETOuHCnFr6wZC2tGKw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:aOULOzM66ZM=:j7eY/ueyOsVHmd1W0a+8o9
 otba/p4PrAXHCJCRzdh14iwGO5lYqKfBSVNr1m/hL4o4lnzxC8/autgpjHw9g8X18pspXBfUd
 KUL81vmQw5JAIR2iKNYsHen1wahTT5G3GmKoJ3yG5cVwzYug8coFsJ1Vz7r+tWNAHvNkwcYLF
 cDbirBF4YbPCPJ6GrSWWJ0tfBKDuXm7XaXYqLlyiyfPwyybR7cymO/xe/g7hS44eQam41Lgxj
 2JODune/jP3Z/IL6UH+j21Ng4eYfVTMWnCmSU3kqS0Dy1c/tBeJANMeybL1Lp+QptRluXuL8b
 0pXgGxQN6nu8oWv1frUaEUHnC0VQCOUGRCc+qz140EtQsbGaydZfJ0MX8JvpB0sbFPp7X7wVx
 xFKA0CzpsvnNDVjZMqnJ4XCgwAqWvHP+UnXoNa/Zzw/0lkoYICE95LsTv8GdTe5y0vNpV19ML
 p6hGK/8GcomQ71vuWHXlQrOCXMmXE4N5XwXKRyxRZ6aZM4ACxbP0x5uhVNEt3AuUq7/sV3pNl
 rXnFGqo4PrpQTNMotnVKjylfxPmHFOH3uYIRqg/freogYzvYoIzGcPifNpVEkVOVOCkQksv8J
 HRDxP3lgUXke4Y+1Tn1UH8C9VE5dPNJwq2CFOM4MkpW5O0K3vG+KweT5bFKzBSAqcBXe7V8rW
 8m8CYDCnLUW9p0X8LcCssikxp1mQm3QSOAkn8UX7456pe7SGkvQcp2Y8QoPNWtElbDaEb9IHV
 otbizNAHXTF6rcPyhuBx1AGvV17/nXhOWl5LMakzHJmVuoDiVcWQmP+DZHc2LQt02wSq3tQuh
 DfMzUfK
Subject: Re: [tor-talk] 12.7 percent of the domains I visit are intercepted
 by CloudFlare
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 4/23/2016 8:15 AM, Rob van der Hoeven wrote:
> Hi,
>
> Today I got an idea of how to measure "The CloudFlare problem". It turns
> out that every time you visit a website that's behind CloudFlare a
> cookie is set with the name __cfduid
>
> If you use Firefox these cookies end up in a SQLite database which can
> be queried with the SQLite Manager add-on. My total number of cookies is
> 2523 (I disable third-party cookies by default). CloudFlare cookies:
> 321. So 321/2523 *100 = 12.7% of the domains I have visited are
> monitored by CloudFlare. Quite shocking I think.
>
> Rob.
> https://hoevenstein.nl
>   
Are you saying using TBB, cloudflare sets cookies withOUT either
checking "accept cookies from sites;"
or entering an exception for their domain in TBB's cookie exceptions;
or when in Options > Privacy - "Accept 3rd party cookies" = Never?

If I don't set "accept cookies" & select "never allow 3rd party 
cookies", and don't enter a domain in cookie exceptions, I don't get 
cookies.
(seems the "Exceptions" Privacy option should be called "Permissions," 
same as the profile file containing them - "permissions.sqlite."  They 
didn't consult me on the UI.

You don't have a cookie manager addon installed, do you?  Maybe changing 
TBB default behavior.

Even if I check TBB - "Accept cookies from sites", on restarting TBB, it 
unchecks that box (by design).

For TBB (Firefox) - Tools > Options > Privacy - what I don't understand 
is why TBB allows "Accept 3rd party cookies" to be reset to "Always," 
when you check "Accept cookies?"
Then it also *unchecks* / *over rides* the Torbutton Privacy & Security 
Settings - "Restrict 3rd party cookies & other tracking data" - and then 
definitely allows 3rd party cookies.

It probably shouldn't.  Doesn't this allows tracking _during_ the 
session?  True, 1st & 3rd party cookies & exceptions are deleted on 
restarting TBB.

If users check allow cookies in TBB - Firefox Options, TBB probably 
should prevent 3rd party cookies from automatically resetting from 
"Never" to "Always."
Especially when Torbutton's Privacy setting is checked to restrict 3rd 
party cookies.
Seems the only way Torbutton settings should be allowed to change is 
from Torbutton UI.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

