[tor-bugs] #17432 [Tor Browser]: Bookmarks and Data Forensics
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Oct 27 03:44:47 UTC 2015
#17432: Bookmarks and Data Forensics
-----------------------------+----------------------
Reporter: mrphs | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Keywords: UX
Actual Points: | Parent ID:
Points: | Sponsor:
-----------------------------+----------------------
When you need to visit an specific .onion repeatedly, you mainly have two
options:
1. Bookmark it
1. write them down on a piece of paper
''-as you might have guessed no one goes for the second option, so let's
talk about the first one-''
Bookmarks are currently being stored in clear on disk.
'''Scenario:''' A person gets arrested by [put-your-fav-adversary-here]
with Tor Browser installed on their computer. So far so good. We've a big
range of users... plausible deniablity and all that. Until... they find a
link to say a whistle-blowing platform bookmarked on their Tor Browser.
How do we want to deal with this issue?
Should we show user a warning message when they're bookmarking an .onion
address, like the one we do when they try to download something and advise
them not to bookmark any sensitive address?
Should we somehow encrypt their bookmarks with a password or something?
(Tails style)
Should we give them an option to plug in a (possibly encrypted) external
storage like a USB stick and never save the bookmark on the primary disk?
Bookmarks are one of the most effective tool users have to defeat phishing
attacks.
How do we communicate danger to users?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17432>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list