[tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 27 20:45:27 UTC 2014
#10756: TowBrowser should zero-out cleared partial downloads or not delete them at
all
----------------------------------+---------------------------
Reporter: mmxbass | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: Firefox Patch Issues | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------------
Normally, when a file is fully downloaded, the option remains to secure
delete the file using other tools.
When canceling a download in progress however, TorBrowser appears to
simply delete the partial download file, leaving the user with no way to
cleanwipe the file.
In the event of inflammatory/seditious/etc material, this may present an
unacceptable security risk in certain countries.
IMO, TorBrowser has two possible solutions.
1: Zero (or, better, multi-pass randomize) the partial download file prior
to final deletion.
2: Do not remove the partial download file and inform the user where the
file is and that they should wipe any potentially incriminating file.
Obviously an option to choose between these two behaviors (as well as
normal deletion) would also be acceptable although I believe that option 2
should be the default.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10756>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list