Delivery-Date: Sun, 10 Jan 2016 18:31:06 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.7 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	FROM_LOCAL_NOVOWEL,RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 516ED1E0874;
	Sun, 10 Jan 2016 18:31:04 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 421AF2194E;
	Sun, 10 Jan 2016 23:31:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 197512194E
 for <tor-talk@lists.torproject.org>; Sun, 10 Jan 2016 23:30:57 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 9BtN15TOREzG for <tor-talk@lists.torproject.org>;
 Sun, 10 Jan 2016 23:30:57 +0000 (UTC)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.20])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 9B3E420D80
 for <tor-talk@lists.torproject.org>; Sun, 10 Jan 2016 23:30:53 +0000 (UTC)
Received: from [192.168.2.60] ([99.190.181.188]) by mail.gmx.com (mrgmx102)
 with ESMTPSA (Nemesis) id 0M8JyQ-1Zvfpr3nH8-00vxPN for
 <tor-talk@lists.torproject.org>; Mon, 11 Jan 2016 00:30:50 +0100
To: tor-talk@lists.torproject.org
References: <868u3zu5y5.fsf@kitt.localdomain>
From: Joe Btfsplk <joebtfsplk@gmx.com>
Message-ID: <5692E9A9.4030705@gmx.com>
Date: Sun, 10 Jan 2016 17:30:49 -0600
User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <868u3zu5y5.fsf@kitt.localdomain>
X-Provags-ID: V03:K0:M0JYv8HTLUqh9mlg3FdR2v2iZrc3nJG/4w0ZhS2BF7M3eud7Ht4
 UaiRrxfqYlhFskOlrunQKRrE+8V+OttVvDj7tYnuQRyBNWk7ghmvLKMoNU8tJqbEjGZarky
 GW6D4qsiIfss8+yMGT/SJTGQujw23JrgEYQnjHtpyD8zOB48/VfrZZO0vkj7m9qa24ZBIbQ
 5EMiatr6EuC/ahACeLDmg==
X-UI-Out-Filterresults: notjunk:1;V01:K0:fgL73th8xR8=:bTQGsmCmCME+ZWRvT5MZFL
 9mzFuPEd//L+ucmSZqo8p91E5ADeHQQIx2MecLEqTcjb/qLjg8bqoe4Z2xPRfgGT2VYuUc0bi
 i2XG8dR9XzLBfBYrkI/k883AqqDhPs6a2uXXS+OoIYF04uHuNIcbHQwYNvcvCRLnH7HIlXSfb
 kCZOfC1yxLRZZoZ7uWPcTp00uIrpbtvSnor/CVah+bxmx32iDUTJK8QUSkF4rHl3zmGHbduSo
 PfunbtNnW2EOYoXZMDOVdT1zYjNBY/MZ5+TaKoL63e+w+xYZA+IxfYrA4DLE6Pxp2J7dk1Yoi
 FnOZy5Ri1PH0LxJok9PnbM0zHkl4nq86svQ/8CqAycRfPgT7LYQZmgYYA6NfkDC3n/+o3uaIR
 89WXHnYUnciZn3iZrZp1lWESMysw1PGUQyMLJDEG8wTfz1VJUHY3+4Q81V6fNuOoNI5jO40jl
 AIwr/eLis2XhYhLfFHULGkFM1+p+v88HJjpddy26fR0D3xVPMUQzCUPznSlJceOQhDZXtsort
 67IldB48oasl9Ip4tQpPjKpzFkRl9n68JicCvlhj80IBgk7EdTUr+CkehB0WL4R7th1OdEBmX
 AYBFYDthpg1bnm8pGY6JUrZ8dzk1SBYL/uWBY2Ynv3XVRrwdisOFnd2C7NRXTmshE3Ra3sPAR
 rxCX88D9tnhdamJwFsfP8PPtZkiRTAXjc4XUQyByH0+pKx3wsEPKqRiEY45efivTgk6K+ooVF
 CKAH8d/axEmTknLZQozSQKzoiq9LTJ8FKKvsj5CYu3C8QYTRlnAQrhkQU7L+Gu93fFTUvVy7M
 snLhmmf
Subject: Re: [tor-talk] What is "cookie protections"?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 1/8/2016 3:17 PM, Yury Bulka wrote:
> I've disabled the "Don't
> record browsing history or website data" check box in the Privacy and
> Security Settings dialog.
> There's only one potential danger I see here - cookies.
In Windows TBB, there's a selection "Use custom settings for history."
The "Remember my browsing & download history" are handled separately 
from "Accept cookies" (separate check box).

At shut down, TBB deletes all site preferences (Exceptions) & cookies, 
regardless if those are unchecked in "Clear history when Tor browser 
closes" settings.  So that no data is saved across sessions.   If you 
want to selectively delete cookies mid session, you'd have to do it 
manually -  (or use various cookie mgr or cache & cookie mgr addons, 
which isn't recommended by Tor Project). Unless just using TBB for the 
added safety, not maximum anonymity - then using (certain) addons 
probably isn't a super bad thing.

I'm not sure (now days) the possibility of some sites sharing data from 
SESSION cookies.  In the old days, 1st party cookies couldn't be read / 
used by other sites.  Unless maybe if 2 sites were owned by same people.

In Firefox & TBB, if check "accept cookies," the "accept 3rd party 
cookies" is automatically checked.
But, TorButton has checked by default, "Restrict 3rd party cookies & 
other tracking data," so it probably ? overrides 3rd party cookies being 
enabled in the TBB Options > Privacy screen.
Then I'm not sure why TBB automatically check the 3rd party cookie box, 
if "Accept Cookies" under Privacy tab is checked, if the TorButton is 
set to prevent 3rd party cookies.  It's confusing (I don't think it 
should).

Short of using addons to save cookie exceptions or cookies between 
sessions, one could store cookie exceptions in a separate 
permissions.sqlite file - in another location.  If paranoid, encrypt it 
-  then decrypt it & copy to the TBB profile before launching TBB.


> This is why I'd like to understand what is the "Cookie protections"
> dialog about.
   In Windows TBB, I don't see settings called "Cookie Protections."


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

