[tbb-bugs] #18589 [Tor Browser]: Tor browser writes SiteSecurityServiceState.txt with usage history

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 20 16:01:26 UTC 2016


#18589: Tor browser writes SiteSecurityServiceState.txt with usage history
-----------------------------+----------------------
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |   Reviewer:
      Sponsor:               |
-----------------------------+----------------------
 Tor browser (hardened-6.0a4) writes a file called
 SiteSecurityServiceState.txt that has a list of sites I've visited. E.g.
 it has "en.wikipedia.org" and that definitely wasn't there after I first
 ran TB. It didn't appear right away when I visited Wikipedia but
 eventually made it to disk (maybe it writes every few minutes or just at
 shutdown).

 I have all history disabled in privacy prefs (except cookies but they're
 only till shutdown according to the dropdown). I expect TB will not write
 history without consent, and I did not approve or even get a warning about
 this file. I don't even see an obscure option (about:config) to disable
 it. I guess I'll try symlinking /dev/null, and otherwise write some
 $LD_PRELOAD to fail the open().

 I understand there are security benefits but unless the user has enabled
 some form of history I don't think it's acceptable. You could ship a
 default file with popular sites preloaded.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18589>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
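An added example, not part of the ticket or of Tor Browser's code: a small audit script showing what someone examining the profile directory would recover from SiteSecurityServiceState.txt. The tab-separated field layout (host:type, score, last access in days since 1970-01-01, then expiry/state/includeSubdomains) is an assumption about the Firefox format of that period, and the sample lines are constructed.

```python
from datetime import date, timedelta

# Constructed sample, not taken from the ticket. Assumed layout per line:
# <host>:<type> TAB <score> TAB <last access, days since 1970-01-01> TAB
# <expiry ms>,<state>,<includeSubdomains>
SAMPLE = (
    "en.wikipedia.org:HSTS\t0\t16880\t1489939286000,1,1\n"
    "example.org:HSTS\t3\t16879\t1474300800000,1,0\n"
    "\n"
    "truncated-line-without-tabs\n"
)

def parse_state(text):
    """Return one dict per well-formed entry; skip blank or malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue
        key, score, last_days, value = fields
        # rpartition keeps hosts that themselves contain ':' intact
        host, sep, kind = key.rpartition(":")
        parts = value.split(",")
        if not sep or not score.isdigit() or not last_days.isdigit() or len(parts) < 3:
            continue
        entries.append({
            "host": host,
            "type": kind,
            "score": int(score),
            "last_access": date(1970, 1, 1) + timedelta(days=int(last_days)),
            "include_subdomains": parts[2] == "1",
        })
    return entries

def disclosed_hosts(text):
    """Hostnames and last-access dates an examiner of the disk would recover."""
    return sorted((e["host"], e["last_access"].isoformat()) for e in parse_state(text))

if __name__ == "__main__":
    for host, day in disclosed_hosts(SAMPLE):
        print(f"{day}  {host}")
```

Under the assumed layout, each entry carries a day-granularity last-access date alongside the hostname, so the file records when a site was visited as well as which site.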

