Allegedly, on or about 24 August 2016, Joe Zeff sent: > Except, of course, for the fact that most servers aren't running > browsers, and if they are, that cookie will identify them, not you. > The point I was making, and you didn't address is that there is no way > to use the DNS protocol to set or retrieve a cookie in an end-user's > browser. To be blunt, the points you missed, were: a. Not that it's the DNS protocol, but a DNS server, that was implicated. DNS servers can keep access logs, too. b. We were talking about web servers. It's kind of implicit that it's webservers and webbrowsers when talking about cookies. And since the exposé of the exploit talked about JavaScript, Flash, Silverlight, webhistory, and a variety of other website related things, the point was quite clear. But just to be sure, this link is practically a one-page list of things: https://en.wikipedia.org/wiki/Evercookie c. Cookies *do* identify *you* (or are able to). If you log into to anywhere that's in the middle of this spiderweb, it identifies you. If you don't log in, just browsing the web anonymously, it may not identify you, but certainly categorises you. And with a service that has a massive database at their disposal, and the longer you're on-line, it may well be possible to follow that through to an identification. e.g. You've posted on a public list, something will be databasing this list, recording messages and headers. It has your IP and your email address. Marry that up with something else logged on internet using the same IP at the same time, and it's a 99% chance that it's you. If they're lucky, some time while your browsing you'll use a server that they can set a cookie with. And use that as an aid to them further keeping track on you. You really do have to be one of the tinfoil hat brigade, never logging in, using things like TOR, stealing other people's WiFi, changing IPs, etc., all of the time to be able to avoid that kind of big brother watching (in the Orwellian sense) -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 Boilerplate: All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I only get to see the messages posted to the mailing list. Hooray! I finally finished typing this email. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
