[tbb-bugs] #17432 [Tor Browser]: (.onion) Bookmarks and Data Forensics

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 27 06:37:49 UTC 2015 

#17432: (.onion) Bookmarks and Data Forensics
-------------------------+--------------------------
 Reporter:  mrphs        |          Owner:  tbb-team
     Type:  defect       |         Status:  new
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:  UX           |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+--------------------------

Comment (by yawning):

 So, defense in depth is a good thing, but isn't this the sort of thing
 that Full Disk Encryption is for?

 >  Should we show user a warning message when they're bookmarking an
 .onion address, like the one we do when they try to download something and
 advise them not to bookmark any sensitive address?

 Is probably the least effort for arguably the most gain, since this is
 fundamentally a user education problem.  It would be nice if we had a nice
 user manual to point people at where this sort of issue (among other
 things) can be addressed in the depth it deserves.

 > Should we somehow encrypt their bookmarks with a password or something?
 (Tails style)

 Maybe.  This at least would be portable.  It should be optional for people
 that don't require such things (eg: they only use Tor Browser for the
 circumvention aspect, say to look at spacebook from work).

 > Should we give them an option to plug in a (possibly encrypted) external
 storage like a USB stick and never save the bookmark on the primary disk?

 I'm not sure if the existing Firefox code has a "please insert media now".
 If it doesn't exist this will be painful to write, and people still need
 to encrypt the USB stick somehow (I will assume that the bad guys will be
 thorough and seize every bit of technology when they nab our hypothetical
 user).

 It would be good to figure this sort of thing out before Prop. 224 HSes
 become the norm, since the Ed25519 based Onion Addresses are even more of
 a UX disaster to work with.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17432#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list