[tbb-bugs] #22642 [Applications/Tor Browser]: TorBrowser 7.x Mac - Disable kMDItemWhereFroms extended attributes at least in Private Browsing Mode
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jun 18 01:08:43 UTC 2017
#22642: TorBrowser 7.x Mac - Disable kMDItemWhereFroms extended attributes at least
in Private Browsing Mode
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
In late 2016, Mozilla developers implemented kMDItemWhereFroms extended
attribute metadata on macOS to behave more like Safari (however Safari,
rather surprisingly for Apple, doesn't write xattrs in private browsing).
When files are downloaded, Firefox (v51+) writes the URL of downloaded
files to a kMDItemWhereFroms entry in the file's extended attribute, even
in Private Browsing mode. This metadata can be viewed using "xattr -l
<file>" and removed using "xattr -rc <file>", but on later versions of
10.12 this metadata is usually also written to
~Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
I plan to file a bug on bugzilla and ask the devs who implemented it
whether they could add an about:config pref or disable the functionality
in private browsing, but in case they don't respond, I thought I'd file a
ticket here too since TorBrowser is now on v52ESR.
Here's the bugzilla bug where the developers originally implemented the
kMDItemWhereFroms functionality.
https://bugzilla.mozilla.org/show_bug.cgi?id=337051
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22642>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list