[tbb-bugs] #18589 [Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Mar 20 16:01:26 UTC 2016
#18589: Tor browser writes SiteSecurityServiceState.txt with usage history
-----------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------+----------------------
Tor browser (hardened-6.0a4) writes a file called
SiteSecurityServiceState.txt that has a list of sites I've visited. E.g.
it has "en.wikipedia.org" and that definitely wasn't there after I first
ran TB. It didn't appear right away when I visited Wikipedia but
eventually made it to disk (maybe it writes every few minutes or just at
shutdown).
I have all history disabled in privacy prefs (except cookies but they're
only till shutdown according to the dropdown). I expect TB will not write
history without consent, and I did not approve or even get a warning about
this file. I don't even see an obscure option (about:config) to disable
it. I guess I'll try symlinking /dev/null, and otherwise write some
$LD_PRELOAD to fail the open().
I understand there are security benefits but unless the user has enabled
some form of history I don't think it's acceptable. You could ship a
default file with popular sites preloaded.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18589>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list