[tor-dev] Tor Data Leak
sureyourejoking at aim.com
sureyourejoking at aim.com
Wed Aug 27 20:22:22 UTC 2014
To Whom it May Concern,
I recently noticed that Tor Browser was leaking data about websites
I visited in Tor to my hard drive.
I am running Mac OS X 10.6.8 on a 2010 model Macbook Pro 6,2. I am
using TorBrowser Version 3.6.3.
The data appears in the directory
"/Users/Username/Library/PubSub/Feeds/", where "Username" represents my
username. The directory contains xml files with random names and a .xml
extension. They contain text and url's from websites which I have only
visited using Tor.
I use "No-Script" in Tor, and it is active by default. "No-Script"
was active when I visited all of the websites, except for youtube, since
the videos will not play while "No-Script" is active.
I have installed the following add-ons to Tor: "Adblock Edge 2.1.4"
and "Privacy Badger Firefox 0.2.1".
I noticed these xml files a month ago, and moved the contents of
/Users/Username/Library/PubSub/ to a separate location. Since then, I
have watched the contents of this directory closely.
Two days after I deleted the contents of "PubSub", a directory
called "Database" appeared containing a file called "Database.sqlite3".
This file seemed not to have any information about websites I visited. A
while later, the "Feeds" directory appeared, but was empty. The "Feeds"
directory remained empty for about two weeks.
Yesterday, xml files appeared in the Feeds directory, which now
contains 1.1 MB of files.
Is this a security bug in Tor Browser?
More information about the tor-dev
mailing list