You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and then injecting Javascript into the beginning of HTML/Javascript downloaded that redefines the global functions that other Javascript would need to use storage:
Per @jcs comment, I've done everything I can to disable these features. Unfortunately, it does look like the browser ignores that preference (I think it used to work in earlier versions of iOS — and it seems to work in the current version of the simulator).
If you press "New Identity" or when you force-quit Onion Browser (or if it crashes) and you start it up again, the app will clear all local data. It's known that HTML5 storage and local databases are stored in the Caches directory of an app.
Testing this by setting "Allow All Active Content" (which takes away the JavaScript injection to overwrite global functions) and using the samy.pl test, you will get the "evercookie" set; then pressing "New Identity" properly wipes the value from all mechanisms on that test.
So unfortunately, because we actually don’t have direct access to WebKit (only the APIs given to us in UIWebView & associated controllers), any blocking code the app provides is disadvantaged and can always be pre-empted by the OS and the framework. But the app does purge the data when it can (starting a new session of the app) and when the user prompts, which is maybe the best we can do without a chance of side effects (i.e. clearing the Caches during browser use).
No description provided.
The text was updated successfully, but these errors were encountered: