[tbb-bugs] #17367 [Applications/Tor Browser]: Swap files can contain evidence of browsing history

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Oct 24 22:40:51 UTC 2016


#17367: Swap files can contain evidence of browsing history
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:
 Keywords:  tbb-disk-leak             |  Actual Points:
Parent ID:  #17208                    |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by yawning):

 Replying to [comment:11 mikeperry]:
 > For another approach: I discussed this with some folks at OTF, and they
 > suggested a "Secure Shutdown" option that attempts to allocate and zero
 > all of the memory on the system in a malloc+memset loop, until malloc
 > fails (presumably once all the swap space has been used). We'd want
 > probably to do this from a separate process launched after Tor Browser
 > actually exits, or at least after we're certain that the current Tor
 > Browser heap is fully freed. We'd want to prompt the user from Tor Browser
 > before doing this, since it will be slow and other apps may OOM, but
 > otherwise this approach seems simple and cross-platform. It might do the
 > trick?

 That won't work on the majority of Linux installs, due to memory over-
 commit (`malloc` never fails, and the OOM killer will kick in when the
 system freaks out trying to service page faults as you `memset`), and is
 totally pointless on OSX (as of 10.7, unless the user disabled swap
 encryption).

 I still stand by this being a user education problem.  The only OSes that
 don't have support for having the OS handle swap encryption are EOLed.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17367#comment:12>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
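
The two Linux conditions raised in the comment above (memory overcommit, and whether the OS is encrypting swap) can be read from `/proc` and `/sys`. The following check is an added example, not part of the ticket or any Tor Project code; the sample data is constructed, and it assumes dm-crypt mappings carry a device-mapper UUID beginning with `CRYPT-`, as cryptsetup creates them.

```python
import os

# Constructed sample of /proc/swaps (not taken from the ticket).
SAMPLE_SWAPS = """Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority
/dev/dm-1                               partition\t8388604\t\t0\t\t-2
/swapfile                               file\t\t2097148\t\t5120\t\t-3
"""
# Constructed device-mapper UUIDs, as read from /sys/block/<dev>/dm/uuid.
SAMPLE_DM_UUIDS = {"dm-1": "CRYPT-PLAIN-cryptswap"}

def malloc_can_fail(overcommit_text):
    """vm.overcommit_memory: 0 = heuristic, 1 = always, 2 = strict.
    Only strict accounting refuses allocations at the commit limit; in
    modes 0 and 1 the OOM killer acts when the pages are touched."""
    return int(overcommit_text.strip()) == 2

def parse_swaps(text):
    """Return (path, type, used_kib) for each active swap area."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.rsplit(None, 4)           # path may contain spaces
        if len(fields) == 5:
            path, kind, _size, used, _prio = fields
            rows.append((path, kind, int(used)))
    return rows

def dm_uuid(path):
    """Device-mapper UUID of a block device, or None if it has none."""
    name = os.path.basename(os.path.realpath(path))
    try:
        with open(f"/sys/block/{name}/dm/uuid") as fh:
            return fh.read().strip()
    except OSError:
        return None

def unencrypted_swap(swaps_text, uuid_of=dm_uuid):
    """Swap areas not directly backed by dm-crypt. Treat results as
    'needs review': a swap file on an encrypted filesystem, or LVM on
    top of LUKS, is encrypted underneath but still listed here."""
    return [path for path, _kind, _used in parse_swaps(swaps_text)
            if not (uuid_of(path) or "").startswith("CRYPT-")]

if __name__ == "__main__" and os.path.exists("/proc/swaps"):
    with open("/proc/sys/vm/overcommit_memory") as fh:
        print("malloc can fail at commit limit:", malloc_can_fail(fh.read()))
    with open("/proc/swaps") as fh:
        print("swap needing review:", unencrypted_swap(fh.read()))
```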

