Delivery-Date: Tue, 22 Jul 2014 22:41:43 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 19C5F1E0D3C
	for <archiver@seul.org>; Tue, 22 Jul 2014 22:41:41 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 04B6E3044B;
	Wed, 23 Jul 2014 02:41:40 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8350D3048D
 for <tor-talk@lists.torproject.org>; Wed, 23 Jul 2014 02:29:49 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id gAwJvZXQWNcs for <tor-talk@lists.torproject.org>;
 Wed, 23 Jul 2014 02:29:49 +0000 (UTC)
Received: from patternsinthevoid.net (greyarea.patternsinthevoid.net
 [106.187.37.158])
 by eugeni.torproject.org (Postfix) with ESMTP id EAD72303FE
 for <tor-talk@lists.torproject.org>; Wed, 23 Jul 2014 02:29:48 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by patternsinthevoid.net (Postfix) with ESMTP id 9682F43C213
 for <tor-talk@lists.torproject.org>; Wed, 23 Jul 2014 02:29:43 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at patternsinthevoid.net
Received: from patternsinthevoid.net ([127.0.0.1])
 by localhost (greyarea.patternsinthevoid.net [127.0.0.1]) (amavisd-new,
 port 10024)
 with ESMTP id IQUt6yc2b8pr for <tor-talk@lists.torproject.org>;
 Wed, 23 Jul 2014 02:29:37 +0000 (UTC)
Date: Wed, 23 Jul 2014 02:29:08 +0000
From: isis <isis@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140723022908.GC7899@patternsinthevoid.net>
References: <CAPKwhwuFRouCjBxpnrecOp1hZP9kHLMCjp1od-MmxPEgAMZYQQ@mail.gmail.com>
 <CAPKwhwvyVD8xb_C+Z2ZeYYQ8p+Ag2RkUPCqOW8F=PQZ3a5v0Zg@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CAPKwhwvyVD8xb_C+Z2ZeYYQ8p+Ag2RkUPCqOW8F=PQZ3a5v0Zg@mail.gmail.com>
X-GPG-Public-Key-URL: https://blog.patternsinthevoid.net/isis.txt
X-Louis-Lingg: In this hope do I say to you I despise you. I despise your
 order, your laws, your force-propped authority. Hang me for it!
Subject: Re: [tor-talk] Fwd: Tor and tlk.io
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1870272369483627241=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============1870272369483627241==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="da4uJneut+ArUgXk"
Content-Disposition: inline


--da4uJneut+ArUgXk
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Scott Arciszewski transcribed 0.9K bytes:
> > Somebody told me of tlk.io. I have joined. I closed the window and when
> > I was back I already had all settings as last time. I cleared the
> > cookies and went back. I was like logged in, without ever logging in. I
> > closed the window, cleaned up everything the delete all data can remove
> > and 15 minutes after I reentered. I was still registered. New identity
> > had no effect either. I had to close down Tor and start it again to lose
> > the whatever that keeps identifying me.
> >
> > What is this? How do they do it? Are there other sites like that?

Many sites use HTML5 canvas fingerprinting. Visiting either
https://github.com/isislovecruft or https://pad.riseup.net/p/Lb57JrCmVzBt
should trigger that little dialogue about "accessing the canvas" in TorBrow=
ser
too.

> I'm using the latest version of the Tor Browser Bundle. It gives me this
> prompt: http://imgur.com/ZGqzK4Z

Can I ask you a question? When this dialogue (the http://imgur.com/ZGqzK4Z
one) comes up, what do you usually do? Do you click the "Allow in the Futur=
e"
button? Or click the little "X" in the corner? Or something else?

> http://www.propublica.org/article/meet-the-online-tracking-device-that-is=
-virtually-impossible-to-block
> ^- possibly related

TorBrowser is patched to block attempts by websites to access HTML5 canvase=
s,
since there isn't much legitimate purpose for a site to do this, other than=
 to
track you as that article you linked points out.

However, if you've already clicked the "Allow in the Future" button on the
little dialogue that comes down from the URL bar when a site attempts to do
this, there isn't currently an easy way to revoke the permission you gave. =
[0]
Additionally, there appears to be an issue in nsIPermissionManager (used by
TorButton when "New Identity" is clicked), because the permissions currently
aren't being cleared properly. [1]

For now, my best advice is to be very careful allowing any site to access
HTML5 canvases until we make it easier to revoke the permission. (In other
words, click the little "X" next time. :) )

[0]: https://bugs.torproject.org/12682
[1]: https://bugs.torproject.org/12683

--=20
 =E2=99=A5=E2=92=B6 isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt

--da4uJneut+ArUgXk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQMhBAEBCgELBQJTzx30BYMB4TOAVhSAAAAAACUAKGlzaXMrc2lnbnN1YmtleUBw
YXR0ZXJuc2ludGhldm9pZC5uZXRGQzYzQUE1Q0QxOTM4NjlDMzIzNzE0NUE1QzE3
Nzc2RTI3RjdFODRESxSAAAAAABoAKGlzaXNAcGF0dGVybnNpbnRoZXZvaWQubmV0
MEE2QTU4QTE0QjU5NDZBQkRFMThFMjA3QTNBREI2N0EyQ0RCOEIzNS4aaHR0cHM6
Ly9ibG9nLnBhdHRlcm5zaW50aGV2b2lkLm5ldC9wb2xpY3kudHh0LJhodHRwczov
L2Jsb2cucGF0dGVybnNpbnRoZXZvaWQubmV0L2lzaXMudHh0AAoJEFwXd24n9+hN
mo4P/07D30VkTkHvMp8jQRgMGnLvwJe5r7VTSWmgvurpiNg7L/bKOAVSg/K5tUGT
I1O7GCfPqt/QCrBacpSiS5F4nY+H2TyZ1zwYFJm7YJUr6fBSUrKcYwGSDhYtnN0J
H4i4G8UoDU9hMgarCd2jTjFzcGBu10s4dnJvXgKIMt4NQpLwFdskRkjobnXckbMC
qUSdf9UqCQ2LgLX7zftXowaAfj6v0dYIwy8wk0ALvWB6ZcGMJstrDDdw6biBj70q
yb98FwHP3V3LtODcWeypDkXXMpNP/+j+HFoGUMKhk601fQ5WMNjsmMVEymPyVdY5
eo9OmJYtn/31dIpzo7A9uGLIek3U8hBpUpQPeFpLpsFtFCX8s777eN3Yf4cYisLh
b8q2paxjvalXIBPVzjizn43dM0NnSkfqVZuelueC8ScoxKlY9JEDJLR/6tBsBQxz
Scxv1ksQW+NEC/kwi4qjio87K9SvqrvjgvU2suhXIfrZU3fqtjEKpj8wKqsIr862
cVDru8ioKwilor0lVWUdpBl0FIjZcwBrEcyZ+ScKoNFCVEo2t7nMD4r0/g8hdluG
qba4PXEDy2JVsGhJKxiFdnROstlvjCHR94YgwrMQ5WRwMzT7Cw6glZbt8v4ibsN7
XzDx2UIegSWMrnlo/fPP6GYt5Zdk2fZJs/EpEynvso9mCXM4
=EFka
-----END PGP SIGNATURE-----

--da4uJneut+ArUgXk--

--===============1870272369483627241==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============1870272369483627241==--

