[tor-bugs] #18382 [Tor Browser]: Private browsing retains state

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 27 22:48:37 UTC 2016


#18382: Private browsing retains state
-------------------------+--------------------------
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  reopened
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+--------------------------

Comment (by cypherpunks):

 Replying to [comment:6 cypherpunks]:

 > Yours is a convenience issue, not a security one, and has been raised
 long ago and eventually dismissed: #10400.
 > Here's another somewhat related ticket: #17594.

 No, this ticket is the opposite. Those tickets above are about preserving
 session state across restarts and potentially allowing users to shoot
 themselves in the foot.

 This ticket is about minimizing session state (purging it as soon as
 possible). Many users won't expect that the session state is kept behind
 their backs - the cookies in private browsing mode are invisible to the
 UI.

 When all tabs related to an URL bar domain are closed, a reasonable user
 expectation is that that particular session is closed and that a new tab
 will start from a clean slate.

 > Unless you're fond of security theater

 This is not security theater. This is about breaking up browser sessions
 into smaller pieces that are harder to correlate.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18382#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list