[tor-bugs] #3461 [Tor Browser]: minor tweaks for TBB to reduce data transfer and data leaking
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Jun 25 12:28:58 UTC 2011
#3461: minor tweaks for TBB to reduce data transfer and data leaking
-------------------------+--------------------------------------------------
Reporter: phobos | Owner: mikeperry
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
I've noticed the default TBB is quite permissive in its settings. I am
concerned that after a few hours of browsing in TBB, a large number of
sites can track my current persona and know where I've been on the web,
and what I've been doing. If I screw up once and login to a website with
my real identity, I've just tied anonymous me to real me. I've been
looking into the data stored in cache after some simple operations and how
it is effected by changing the torbutton and noscript settings. I wish I
could export torbutton settings in some simple manner.
I did a simple test this morning.
1. I start up TBB 1.1.11 on linux.
2. I click on the 'the tor blog' bookmark and let the page load.
3. I then click on 'learn more about tor' bookmark and let the page load.
4. On the tor website, I click on Press.
5. Once the page loads, I click on volunteer.
6. After the page loads, I decide to see what the weather is like at the
tor office. I enter 'wunderground.com' in the awesome bar and let it load.
7. I enter '02081' in the location and let it load.
8. I click on the radar map and let it load.
Attached are 3 pdfs and 1 text file. Each pdf is named according to what
it represents.
1. The file 'default-TBB-settings-cache-data-leaking.pdf' represents the
results from 'about:cache' after the eight steps above.
2. I tweak some of the torbutton settings, specifically:
a. Under 'security settings, dynamic content' I check 'Disable updates
during Tor usage'.
b. Under 'history', I check all boxes.
c. Under 'forms', I check al boxes.
d. Under 'cache', I check 'clear cookies on tor toggle'
e. Under 'startup', I check 'On normal startup, set Tor state to tor', 'On
session restored startup, set tor state to tor', and uncheck the two
saving tabs options.
f. Under 'shutdown', I check 'clear cookies during any browser shutdown'.
The file named 'minor-tweaks-TBB-data-leaks.pdf' represents the cache
after these changes and following the initial 7 steps.
3. I configure noscript to be slightly more strict in what it allows for
javascript and other options. The file 'medium-tweaks-TBB-noscript-
settings.txt' are these changes. The file 'medium-tweaks-TBB-data-
leaks.pdf' represents the cache after these changes and following the 7
steps.
The result appears to be for the same seven steps, with a tbb restart
between each run a dramatic reduction in cached objects.
Default TBB: 442 objects for 2.5MB in cache. Lots of ad networks loaded
in cache too.
Minor TBB: 340 objects for 1.5MB in cache. Lots of ad networks loaded in
cache too.
Medium TBB: 205 objects for 912KB in cache. 1 Facebook plugin, far few ad
networks loaded in cache.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3461>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list