[tor-bugs] #29887 [Applications/Tor Browser]: Potential user activity data leak
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 28 07:53:09 UTC 2019
#29887: Potential user activity data leak
--------------------------------------+--------------------------
Reporter: pf.team | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by pf.team):
@cypherpunks
Yes, bookmarkbackups would also be one of these things than need cleaning
up. Thanks for the info, we haven't gotten around to them yet.
You are technically right about file creation/modification ts'es, however,
there is more to consider in this case:
1) File timestamps are circumstantial evidence for something that is
itself circumstantial evidence, and gathering it requires slightly higher
qualifications from adversaries. After all, file timestamps may change for
a whole number of reasons, whereas with prefs.js they have all this data
conveniently in one place and labeled.
2) Obviously, there is no such thing as 100% safety, anonymity or
security, but at the same time, the adversary is also not some flawless
leviathan with 100% clarity and competence. For example, employees of
repressive institutions in authoritarian countries often lack both the
tech know-how required to conduct a more thorough investigation, and the
motivation to do so. Every extra step they have to take increases the
probability that they might give up here and look elsewhere.
3)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29887#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list