[tor-bugs] #13252 [Tor Browser]: Tor Browser on OS X should not store data into the application bundle
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Dec 17 21:55:08 UTC 2015
#13252: Tor Browser on OS X should not store data into the application bundle
-------------------------+-----------------------------------
Reporter: torosx | Owner: mcs
Type: defect | Status: needs_information
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #6540 | Points:
Sponsor: |
-------------------------+-----------------------------------
Comment (by teor):
Replying to [comment:7 mcs]:
> Because of 2-4 above, we might be able to cheat a little and just
relocate the TorBrowser directory. This will mean that our app bundle's
signature will be broken as soon as Tor Browser is opened for the first
time (this is because we make changes under TorBrowser/Data and Apple's
signature "seals" everything under Contents/ -- nothing can be modified
without invalidating the signature).
>
> It is possible Apple will be even more strict in a future release of
their Gatekeeper technology, so our other option is to keep our data
outside TorBrowser.app (either in a side-by-side folder like Ricochet does
or in the standard location under ~/Library/Application Support/).
>
> What do other people think?
If it works for now, then that's a much better user experience.
Except for users who pass around copies of Tor Browser, who will see the
"gatekeeper" check on every new machine.
I think we should avoid storing data in Application Support, because it
violates our "leave no disk traces" goal. Storing the data beside the app
is ugly, but more obvious to the user. (And it makes it easier for them to
share just Tor Browser with others, or reset their copy of Tor Browser.)
(I wish Apple had thought of apps that do not want to leave any traces
when it designed Application Support and code signing etc.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13252#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list