[tbb-bugs] #18382 [Tor Browser]: Private browsing retains state
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Feb 28 00:44:12 UTC 2016
#18382: Private browsing retains state
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: reopened
Priority: Medium | Milestone:
Component: Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Comment (by cypherpunks):
Replying to [comment:7 cypherpunks]:
> Replying to [comment:6 cypherpunks]:
> > Yours is a convenience issue, not a security one, and has been raised
long ago and eventually dismissed: #10400.
> > Here's another somewhat related ticket: #17594.
> No, this ticket is the opposite. Those tickets above are about
preserving session state across restarts and potentially allowing users to
shoot themselves in the foot.
> This ticket is about minimizing session state (purging it as soon as
Alright, good point. But you see why I mention them, don't you? New
Identity was offered as a solution above and you rejected it because
"loses all open tabs/windows". Maybe I read too much into it but you
surely see the relation.
> Many users won't expect that the session state is kept behind their
backs - the cookies in private browsing mode are invisible to the UI.
Users knowledgeable enough to go looking for cookies, like you and me,
would indeed be surprised that they are "hidden". This has been answered
above as well: it's a Firefox bug, and tickets were already opened.
> When all tabs related to an URL bar domain are closed, a reasonable user
expectation is that that particular session is closed and that a new tab
will start from a clean slate.
This sound neat. However, reasonable expectation? What other web browser
ever did this? I can't think of any. What makes you think that users would
expect such behavior? Not to mention the amount of breakage doing this
would result in.
> > Unless you're fond of security theater
> This is not security theater. This is about breaking up browser sessions
into smaller pieces that are harder to correlate.
I sympathize with your intention here. This sound good. But you said
nothing about the very important point I raised about the ineffectiveness
of just focusing on history, cookies and cache. If Tor Browser were to
clear those while leaving the rest of the state in place, the result is
that correlation has only been made harder for some of the less
resourceful adversaries. This would only lead to an unwarranted sense of
security. Hence why I would call it security theater.
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18382#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs