[tor-bugs] #18233 [Tor Browser]: Get rid of the cookie "protection" cruft from Torbutton

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Feb 4 10:08:52 UTC 2016

#18233: Get rid of the cookie "protection" cruft from Torbutton
     Reporter:  cypherpunks  |      Owner:  tbb-team
         Type:  defect       |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor Browser  |    Version:
     Severity:  Normal       |   Keywords:  tbb-torbutton
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
 I wonder why Torbutton still includes the "cookie protection" stuff.
 Looks to me like that code is the oldest, ugliest, more useless part of
 the addon, am I wrong?

 It seems to be a heritage from the days when one was supposed to attach
 Torbutton to any regular Firefox release.  Does it even have a place in
 Tor Browser?

 Last month someone in tor-talk asked what the cookie protection mechanism
 consisted of.  There were 5 or 6 replies, including 1 from a Tor Browser
 guy.  None of them answered the question, I suspect none of them knew (and
 failed to admit so).

 Doesn't the whole "protection" add up to "won't be deleted when renewing
 identity" (if it worked, which apparently it doesn't)?  If that's the
 case, then calling such cookies "protected" is pretty stupid.  Call it
 "preserved" or something like that.  I suspect "protected" made a bit more
 sense when Torbutton was supposed to handle both Tor and non-Tor sessions;
 those days are long gone.

 Why not just remove that part of the addon?  At least until it's been

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18233>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list