[tbb-bugs] #8988 [Tor Browser]: Spotlight and mds may have indexed the Tor Browser Bundle
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Nov 12 08:40:25 UTC 2014
#8988: Spotlight and mds may have indexed the Tor Browser Bundle
-----------------------------+-----------------------------------------
Reporter: runa | Owner: tbb-team
Type: defect | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-disk-leak, needs-triage
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------------------------------
Comment (by teor):
In order to prevent indexing of the TorBrowser dmg and app, we can add an
empty file ".metadata_never_index" to the TorBrowser.app directory, and
the root directory of the downloaded dmg file.
See https://apple.stackexchange.com/questions/87090/how-to-add-folder-to-
spotlight-do-not-index
However, Spotlight will also index other items, including but not limited
to:
* External Drives
* Downloaded Disk Image Files (we may be able to append ".noindex" to the
".dmg" file extension to fix this, but this could cause file type
recognition issues)
Can someone in the TBB team change the scripts to create the relevant
".metadata_never_index" files to the root of the disk image and
TorBrowser.app directories?
'''Alternatives'''
For completeness, and/or cleanup of previous traces.
'''Exclusion Paths'''
Spotlight has exclusion paths that can be set to prevent indexing of and
delete indexes on certain folders. Unfortunately, we'd then have to worry
about the exclusion path itself giving away Tor Browser.
{{{
# Apparently, this doesn't change the UI in System Preferences
# It may also not work at all
sudo defaults write /.Spotlight-V100/Store-V1/Exclusions Exclusions
-array-add <path>
}}}
'''Deactivate Indexing'''
A trace prevention approach is to turn indexing off before installing TBB,
and turn in back on afterwards.
{{{
sudo mdutil -i off /
sudo mdutil -i off -a
# Download, Use, and Remove Tor Browser
sudo mdutil -i on /
sudo mdutil -i on -a
}}}
'''Reindex File Types After Removal'''
Or, a more surgical trace removal approach is to re-index all files of the
relevant types after using Tor Browser:
{{{
# Use and Remove Tor Browser
# Get the list of installed mdimport plugins
sudo mdimport -L
# Re-index at least these plugins
sudo mdimport -r /System/Library/Spotlight/Application.mdimporter
# If Tor Browser came on a disk image or archive file
sudo mdimport -r /System/Library/Spotlight/Archives.mdimporter
# If Tor Browser was downloaded in another browser
sudo mdimport -r /System/Library/Spotlight/Bookmarks.mdimporter
# If images within TorBrowser's "opaque" app directory have been indexed
sudo mdimport -r /System/Library/Spotlight/Image.mdimporter
}}}
'''Delete Indexes After Removal'''
A more extreme, but also more secure trace removal approach is to erase
the Spotlight indexes on the relevant volume(s) (or, alternately, all
volumes) after removing Tor Browser. The indexes will then be rebuilt.
{{{
# Use and Remove Tor Browser
sudo mdutil -E /
sudo mdutil -E -a
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8988#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list