[tbb-bugs] #18382 [Tor Browser]: Private browsing retains state

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Feb 28 07:04:28 UTC 2016


#18382: Private browsing retains state
-------------------------+--------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  reopened
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:8 cypherpunks]:
 > Replying to [comment:7 cypherpunks]:

 > > When all tabs related to an URL bar domain are closed, a reasonable
 user expectation is that that particular session is closed and that a new
 tab will start from a clean slate.
 > This sounds neat. However, reasonable expectation? What other web
 browser ever did this? I can't think of any. What makes you think that
 users would expect such behavior?

 Private browsing claims not to save history (yet it does in volatile
 memory).

 Tor browser before using private browsing was better behaved, it did allow
 users to clear the history while blocking disk access.

 > Not to mention the amount of breakage doing this would result in.

 What breakage? Active cookies / logins will obviously be cleared. Beyond
 that nothing should break.

 > > > Unless you're fond of security theater
 > >
 > > This is not security theater. This is about breaking up browser
 sessions into smaller pieces that are harder to correlate.
 > I sympathize with your intention here. This sounds good. But you said
 nothing about the very important point I raised about the ineffectiveness
 of just focusing on history, cookies and cache. If Tor Browser were to
 clear those while leaving the rest of the state in place, the result is
 that correlation has only been made harder for some of the less
 resourceful adversaries. This would only lead to an unwarranted sense of
 security. Hence why I would call it security theater.

 The intent of this ticket is to do exactly the same as new identity, but
 on a URL bar domain granularity. What correlation can be done if all
 session state associated with an URL bar domain is properly cleared when
 it is closed? What is that rest of the state you are talking about?

 Window size is a sticky point, but there are open tickets for that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18382#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list