[tor-bugs] #4764 [Tor Browser]: TorBrowser: add secure wiping to 'Clear Recent History' (ideally automatic, on shutdown)

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Dec 22 18:02:25 UTC 2011 

#4764: TorBrowser: add secure wiping to 'Clear Recent History' (ideally automatic,
on shutdown)
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:  mikeperry
     Type:  enhancement  |         Status:  new      
 Priority:  normal       |      Milestone:           
Component:  Tor Browser  |        Version:           
 Keywords:               |         Parent:           
   Points:               |   Actualpoints:           
-------------------------+--------------------------------------------------
 High all,

 I'm not sure if this is needed considering TorBrowser tries hard to not
 write to disk. That said, adding (transparent - background) automated
 single pass secure wiping for Clear Recent History, upon Aurora shutdown,
 shouldn't add much overhead [1] and may increase security(?).

 It's a myth that one needs to use multiple passes for secure wiping of
 data, e.g., Gutmann method. Those multiple wiping algorithms weren't
 designed for today's filesystems, thus, one random pass is sufficient to
 defeat (most ... all?) forensic tools* [2][3].

 There is a neat Firefox Add-on I use with Tor Browser, called "Secure
 Sanitize" [4]. However, it has limitations in terms of automation. Maybe
 some code from Secure Sanitize could be used in Tor Browser Button?

 * assuming the data was not swapped to paging file, etc.

 [1] My computer is an Intel Pentium 4 - 2.80E GHz processor (2800.0 MHz) -
 with 512 MBytes RAM, running Windows XP SP3. And with ~80-90% of RAM being
 used by Tor Browser and other system apps (like Firefox streaming music
 from Pandora), using "Random Data (fast)" wiping algorithm (via the add-on
 Secure Sanitize) for Clear Recent History (clearing everything), takes
 only a few seconds.

 [2] "Shred files and wipe disks"
 http://bleachbit.sourceforge.net/documentation/shred-files-wipe-disk

 [3] I can provide additional references, incl. from academia, with respect
 to the issue of one (sound) pass vs multiple passes whilst wiping
 ('shredding') data.

 [4] https://addons.mozilla.org/en-US/firefox/addon/secure-
 sanitizer/?src=api

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4764>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list