[tbb-bugs] #29887 [Applications/Tor Browser]: Potential user activity data leak
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 27 07:52:09 UTC 2019
#29887: Potential user activity data leak
--------------------------------------+--------------------------
Reporter: pf.team | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by pf.team):
This threat model is not that unlikely, especially in countries where Tor
is needed the most.
Tails, however, requires more skill to use on one hand, and arouses more
suspicion from repressive authorities on the other. More so than just
finding Tor Browser installed on the local machine, as TB is much more
often used for mundane purposes, such as access to content that is blocked
in one's country for political or copyright-related reasons. Tails,
however, immediately incriminates the person in question as someone with
something to hide, something serious enough to require a whole operating
system centered around anonymity. This in turn makes it more probable that
the person in question will be, for example, tortured for information on
his or her activities, or simply put under closer surveillance.
As a quick fix these parameters may be overwritten by some default values
each time the browser exits.
We also found another one of these:
* browser.laterrun.bookkeeping.sessionCount - counts how many times this
browser has been run
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29887#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list