[tbb-bugs] #18233 [Tor Browser]: Get rid of the cookie "protection" cruft from Torbutton
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 4 10:08:52 UTC 2016
#18233: Get rid of the cookie "protection" cruft from Torbutton
-----------------------------+---------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords: tbb-torbutton
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+---------------------------
I wonder why Torbutton still includes the "cookie protection" stuff.
Looks to me like that code is the oldest, ugliest, more useless part of
the addon, am I wrong?
It seems to be a heritage from the days when one was supposed to attach
Torbutton to any regular Firefox release. Does it even have a place in
Tor Browser?
Last month someone in tor-talk asked what the cookie protection mechanism
consisted of. There were 5 or 6 replies, including 1 from a Tor Browser
guy. None of them answered the question, I suspect none of them knew (and
failed to admit so).
Doesn't the whole "protection" add up to "won't be deleted when renewing
identity" (if it worked, which apparently it doesn't)? If that's the
case, then calling such cookies "protected" is pretty stupid. Call it
"preserved" or something like that. I suspect "protected" made a bit more
sense when Torbutton was supposed to handle both Tor and non-Tor sessions;
those days are long gone.
Why not just remove that part of the addon? At least until it's been
reworked.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18233>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list