Full Disclosure mailing list archives
Tracking with etags
From: Adam Gleave <nard.list () gmail com>
Date: Tue, 14 Feb 2006 08:23:35 -0800
First, sorry if this has been mentioned before. I've searched and haven't found any mention, but it seems too obvious to have not already been reported.

Basically, client gets etag from server, client sends etag to server next time it connects, server can associate client. Might not sound significant, but if Gmail - for instance - gives people ETags, they - and anyone listening in on the connection - can associate unanonymized accounts with anonymized accounts.

I tested this on Tor + Privoxy and it worked.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
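The linkage described in the message above, and the proxy-side header filtering that breaks it, as an added example that is not part of the original post. The identities, host name and ETag values are constructed sample data, and the function names are hypothetical.

```python
# Added example: audits outbound request records for ETag reuse across identities
# and shows the effect of stripping cache validators on the anonymized path.
from collections import defaultdict

# Request headers that echo a server-chosen entity tag back to the server.
VALIDATOR_HEADERS = {"if-none-match", "if-match", "if-range"}

def strip_validators(headers):
    """Proxy-side filter: drop headers that return a stored ETag to the server."""
    return {k: v for k, v in headers.items() if k.lower() not in VALIDATOR_HEADERS}

def linked_identities(requests):
    """Find identities that presented the same ETag value to the same host.

    `requests` is an iterable of (identity, host, headers). Returns
    {(host, etag): sorted identities} for every tag seen from more than one identity.
    """
    seen = defaultdict(set)
    for identity, host, headers in requests:
        for name, value in headers.items():
            if name.lower() == "if-none-match":
                # If-None-Match may list several tags; a plain comma split is
                # enough for this sample (tags here contain no commas).
                for tag in value.split(","):
                    seen[(host, tag.strip())].add(identity)
    return {key: sorted(ids) for key, ids in seen.items() if len(ids) > 1}

def filtered(requests, anonymized_prefix="tor:"):
    """Apply strip_validators only to requests leaving through the anonymized path."""
    return [(i, h, strip_validators(hd) if i.startswith(anonymized_prefix) else hd)
            for i, h, hd in requests]

# Constructed sample: one browser cache used directly, then through an
# anonymizing proxy, plus an unrelated second browser.
SAMPLE = [
    ("direct:alice-account", "mail.example", {"If-None-Match": '"u-7f3a91"'}),
    ("tor:anonymous-account", "mail.example",
     {"If-None-Match": '"u-7f3a91"', "Accept": "*/*"}),
    ("direct:bob-account", "mail.example", {"If-None-Match": '"u-22c04e"'}),
]

if __name__ == "__main__":
    print("unfiltered:", linked_identities(SAMPLE))
    print("filtered:  ", linked_identities(filtered(SAMPLE)))
```

Stripping the validators costs a full re-download of each cached resource on the anonymized path; keeping a separate cache per identity avoids the reuse without that cost.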
Current thread:
- Tracking with etags Adam Gleave (Feb 14)
- Re: Tracking with etags Georgi Guninski (Feb 15)