[tor-bugs] #10352 [TorBrowserButton]: Private Browsing Mode data not properly cleared by New Identity

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 11 02:40:52 UTC 2013


#10352: Private Browsing Mode data not properly cleared by New Identity
------------------------------------+---------------------
 Reporter:  mikeperry               |          Owner:
     Type:  defect                  |         Status:  new
 Priority:  blocker                 |      Milestone:
Component:  TorBrowserButton        |        Version:
 Keywords:  tbb-testcase, ff24-esr  |  Actual Points:
Parent ID:                          |         Points:
------------------------------------+---------------------
 It looks like the Mozilla documentation we used in #9570 was incomplete.
 It turns out that much of the private browsing mode context is not cleared
 upon all windows being closed on New Identity if you are using the default
 configuration ('browser.privatebrowsing.autostart' set to true). It is
 also not cleared by our existing usage of the cookie and cache clearing
 APIs are also leaving data from Private Browsing Mode sessions in tact.

 All of this data does get cleared if you are storing history (which is why
 I missed this so far :/)

 It also appears that the Torbutton Cookie Protections window is also
 always empty if you are using the default configuration
 ('browser.privatebrowsing.autostart' set to true).

 Good test pages for verifying this are:
 http://samy.pl/evercookie/
 http://www.stevesouders.com/blog/2012/09/10/clearing-browser-data/

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10352>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list