[liberationtech] The Google cookie that came out of nowhere
vitteaymeric at gmail.com
Tue Apr 28 07:54:40 PDT 2015
+1 for the PS and the rest
I don't want to bother with this project again, but here  is
explained part of what the browsers are doing, we can see that they send
http/https request outside (example 2), but that's not enough of course,
some of them like Chrome do inject by default some scripts in the page
(example 3, this is not completely easy to detect, I noticed this with a
good old site of ours http://www.viagri.fr which at that time had 0
outside scripts in there, then I was surprised to see some outgoing
requests and looking at the source code of the page the predictad script
was there, injecting other stuff itself as well, it can be deactivated
but you have to know it)
Regarding Tor, I think that the Tor Browser is blocking at least
Regarding safebrowsing, it can make mistakes, as shown in  which
prevented us from renewing an SSL certificate, I questioned Google about this
and never got a final answer.
Coming back to FF, as already asked it would be interesting to know
precisely what it is sending outside and if there is an option to tell
FF not to send anything (even ocsp queried with http sometimes, we don't
Le 28/04/2015 09:50, carlo von lynX a écrit :
> Juicy content from Ashkan Soltani further below.
> On Sun, Apr 26, 2015 at 01:26:29PM -0700, Al Billings wrote:
>> If you're the kind of person paranoid about safebrowsing pings and similar, yeah, you should pull the tinfoil hat tighter and block all things.
> What I said in the original posting:
> "I was told it even lets Google have the cookie it uses to
> identify you, so even if you use Tor, the five eyes immediately
> know it is you. I didn't bother to check however."
> I wonder if you read that part. Should that part be accurate, then
> safebrowsing is among the top vectors for mass correlation of IP
> numbers (or Tor circuits) to specific browsers and human beings.
> The others being font and jquery includes, search engine utilization
> and maybe a few +1 buttons here and there.
> We discussed this topic back in 2014, May 12th to be exact.
> safebrowsing could be offered in a distributed anonymous way,
> instead it is being done in a way that it de-anonymizes people to
> the five eyes.
> Some weeks later I accidentally met Ashkan Soltani who told me he
> already dissected the issue in pre-Snowden days. Looks like it
> hardly got traction - since no one knew the implications:
> It is actually quite incredible that Google has been flying under
> the radar of general interest since Ashkan's story came out, given
> the immense implication for mass surveillance.
> P.S. I don't think you have the necessary competence to tell *anyone*
> about tinfoil hats and would like to ask you to contribute to this
> mailing list less frequently and more thoughtfully. Thank you.
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms