"New Identity" has cache race conditions that temporarily allow evercookies
The TorBrowser is not defending against evercookies.
By pressing the TorBrowserButton "New Identity", the evercookies set by samy.pl/evercookie seem to be cleared, but they are restorable.
This affects the following types of evercookies:
cacheData mechanism etag mechanism pngData mechanism windowData mechanism cookieData mechanism
That is a critical behavior because of linkability between different TorBrowser sessions.
If the TorBrowser is completely closed and then reopened, the evercookies seem to be really deleted according to Samy's testing page.
Please check this. Thanks!
Trac:
Username: guiseppe