Should TorBrowser preserve cookies across opening a new, different size window for same site?
In TBB 6.5.2 Linux, if cookie exceptions are set for a site & TBB's window borders are accidentally dragged (very easy to do), if you open the / a tab in a new window to restore the default window size, the cookies are preserved.
Does this or similar scenarios pose any anonymity or fingerprinting concerns? A cookie that was set under perhaps unintentionally resized window. Within a few seconds, the same cookie is associated w/ a new circuit and a different window size. Is this a concern? Not so much because of the visited site, but other adversaries / trackers.
Dragging a tab off Firefox's desktop or opening tab in new window doesn't keep the same circuit (by design?) but does preserve cookies. At least, no circuit info shows under Torbutton after moving a connected site to a new window. But it allows establishing a new circuit.
In tests, under the mis-sized and new correctly resized window (returned to default ) the cookie ID values were the same.
In this case, it seems there's no doubt that the same person viewed the exact same material or pages on a website, under two different window sizes and two different circuits, from a couple of seconds to a while, depending whether you immediately realize the window was accidentally resized (not hard to overlook, as no warning when dragging borders).
Trac:
Username: joebt