[tbb-bugs] #29887 [Applications/Tor Browser]: Potential user activity data leak

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Mar 27 07:52:09 UTC 2019


#29887: Potential user activity data leak
--------------------------------------+--------------------------
 Reporter:  pf.team                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-disk-leak             |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by pf.team):

 This threat model is not that unlikely, especially in countries where Tor
 is needed the most.
 Tails, however, requires more skill to use on one hand, and arouses more
 suspicion from repressive authorities on the other. More so than just
 finding Tor Browser installed on the local machine, as TB is much more
 often used for mundane purposes, such as access to content that is blocked
 in one's country for political or copyright-related reasons. Tails,
 however, immediately incriminates the person in question as someone with
 something to hide, something serious enough to require a whole operating
 system centered around anonymity. This in turn makes it more probable that
 the person in question will be, for example, tortured for information on
 his or her activities, or simply put under closer surveillance.

 As a quick fix these parameters may be overwritten by some default values
 each time the browser exits.

 We also found another one of these:
 * browser.laterrun.bookkeeping.sessionCount - counts how many times this
 browser has been run

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29887#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list