[tbb-bugs] #17367 [Tor Browser]: Swap files can contain evidence of browsing history
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Oct 17 06:40:15 UTC 2015
#17367: Swap files can contain evidence of browsing history
-----------------------------+--------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-disk-leak | Actual Points:
Parent ID: #17208 | Points:
Sponsor: |
-----------------------------+--------------------------
Comment (by yawning):
As far as Linux goes, not without patching the kernel. The situation is
likely the same on other operating systems.
On the U*IXes, you could `mlockall()` on process startup assuming that the
system is configured to allow pinning sufficient memory (`ulimit -l`), but
given how big the runtime footprint of Firefox is, that's probably a
really bad idea. If there's a extremely limited amount of sensitive
information, then allocating the backing store from a `mlock()`ed region
may be sufficient, but I suspect patching Firefox to do so would be a
fairly large undertaking.
The answer here IMO is: Either use encrypted swap (Vista and later support
this on Windows, dunno about Darwin), use full disk encryption, or use
Tails.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17367#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list