From the sounds of this it sounds like it doesn't persist past browser restart? ...

piccirello · 2026-04-22T20:35:58 1776890158

This excerpt from the article describes the risk well.

> In Firefox Private Browsing mode, the identifier can also persist after all private windows are closed, as long as the Firefox process remains running. In Tor Browser, the stable identifier persists even through the "New Identity" feature, which is designed to be a full reset that clears cookies and browser history and uses new Tor circuits.

fc417fc802 · 2026-04-23T01:59:07 1776909547

I wonder why "New Identity" wasn't implemented as a fork-and-exec with a newly created profile?

vscode-rest · 2026-04-23T07:11:10 1776928270

Follow the money.

tardedmeme · 2026-04-23T13:27:23 1776950843

Or it could just be a bug.

permo-w · 2026-04-23T10:32:08 1776940328

Seriously. TOR is primarily funded by the US government. Maybe this or not all bugs are deliberately left in for the sake of allowing backdoors, but people should not forget this

warkdarrior · 2026-04-22T20:18:33 1776889113

This is where you use id bridging.

1. Website fingerprints the browser, stores a cookie with an ID and a fingerprint.

2. During the next session, it fingerprints again and compares with the cookie. If fingerprint changed, notify server about old and new fingerprint.

mmooss · 2026-04-22T20:13:32 1776888812

Many users leave their browsers open for months.

allthetime · 2026-04-22T21:49:44 1776894584

Privacy and security conscious Tor users don’t.

autoexec · 2026-04-23T04:03:46 1776917026

Open enough tabs and you'd be lucky to keep firefox running for more than a couple weeks.

danlitt · 2026-04-23T08:12:50 1776931970

I have had hundreds of tabs open for many months in the past. The bottleneck is usually the OS crashing rather than firefox.

wongogue · 2026-04-23T07:19:58 1776928798

I have 488 tabs in the session with more than 50 loaded. The running session has 72 processes.

Izkata · 2026-04-23T22:06:51 1776982011

I'm around 1700 tabs with somewhere in the 20s or 30s loaded. It's been a month or more since I restarted firefox.

shevy-java · 2026-04-22T19:25:01 1776885901

Would it though? I guess state agencies already know all nodes or may know all nodes. When you have a ton of meta-information all cross-linked, they can probably identify people quite accurately; may not even need 100% accuracy at all times and could do with less. I was thinking about that when they used information from any surrounding area or even sniffing through walls (I think? I don't quite recall the article but wasn't there an article like that in the last 3-5 years? The idea is to amass as much information as possible, even if it may not primarily have to do with solely the target user alone; e. g. I would call it "identify via proxy information").

Barbing · 2026-04-22T20:54:00 1776891240

> I guess state agencies already know all nodes or may know all nodes.

Assume the same.

>The idea is to amass as much information as possible

Reminded, from 2012: https://www.wired.com/2012/03/ff-nsadatacenter/

akimbostrawman · 2026-04-23T07:10:58 1776928258

All Tor nodes are publicly known. Just knowing them doesn't help tracking at all because of onion routing, they would need access to all nodes.

https://metrics.torproject.org/rs.html