[tbb-bugs] #17432 [Tor Browser]: Bookmarks and Data Forensics

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 27 03:44:47 UTC 2015

#17432: Bookmarks and Data Forensics
     Reporter:  mrphs        |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:  UX
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
 When you need to visit an specific .onion repeatedly, you mainly have two

  1. Bookmark it
  1. write them down on a piece of paper

 ''-as you might have guessed no one goes for the second option, so let's
 talk about the first one-''

 Bookmarks are currently being stored in clear on disk.

 '''Scenario:''' A person gets arrested by [put-your-fav-adversary-here]
 with Tor Browser installed on their computer. So far so good. We've a big
 range of users... plausible deniablity and all that. Until... they find a
 link to say a whistle-blowing platform bookmarked on their Tor Browser.

 How do we want to deal with this issue?

 Should we show user a warning message when they're bookmarking an .onion
 address, like the one we do when they try to download something and advise
 them not to bookmark any sensitive address?

 Should we somehow encrypt their bookmarks with a password or something?
 (Tails style)

 Should we give them an option to plug in a (possibly encrypted) external
 storage like a USB stick and never save the bookmark on the primary disk?

 Bookmarks are one of the most effective tool users have to defeat phishing

 How do we communicate danger to users?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17432>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list