[tor-dev] [tor-talk] Tor Data Leak
isis
isis at torproject.org
Thu Aug 28 00:17:18 UTC 2014
sureyourejoking at aim.com transcribed 1.6K bytes:
> To Whom it May Concern,
>
> I recently noticed that Tor Browser was leaking data about websites
> I visited in Tor to my hard drive.
>
> I am running Mac OS X 10.6.8 on a 2010 model Macbook Pro 6,2. I am
> using TorBrowser Version 3.6.3.
>
> The data appears in the directory
> "/Users/Username/Library/PubSub/Feeds/", where "Username" represents my
> username. The directory contains xml files with random names and a .xml
> extension. They contain text and url's from websites which I have only
> visited using Tor.
>
> I use "No-Script" in Tor, and it is active by default. "No-Script"
> was active when I visited all of the websites, except for youtube, since
> the videos will not play while "No-Script" is active.
>
> I have installed the following add-ons to Tor: "Adblock Edge 2.1.4"
> and "Privacy Badger Firefox 0.2.1".
>
> I noticed these xml files a month ago, and moved the contents of
> /Users/Username/Library/PubSub/ to a separate location. Since then, I
> have watched the contents of this directory closely.
>
> Two days after I deleted the contents of "PubSub", a directory
> called "Database" appeared containing a file called "Database.sqlite3".
> This file seemed not to have any information about websites I visited. A
> while later, the "Feeds" directory appeared, but was empty. The "Feeds"
> directory remained empty for about two weeks.
>
> Yesterday, xml files appeared in the Feeds directory, which now
> contains 1.1 MB of files.
>
> Is this a security bug in Tor Browser?
Have you ever subscribed to any live bookmarks or RSS/atom feeds using Tor
Browser?
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140828/19374b79/attachment.sig>
More information about the tor-dev
mailing list