[tor-bugs] #18382 [Tor Browser]: Private browsing retains state

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Feb 28 00:44:12 UTC 2016

#18382: Private browsing retains state
 Reporter:  cypherpunks  |          Owner:  tbb-team
     Type:  defect       |         Status:  reopened
 Priority:  Medium       |      Milestone:
Component:  Tor Browser  |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |

Comment (by cypherpunks):

 Replying to [comment:7 cypherpunks]:
 > Replying to [comment:6 cypherpunks]:
 > > Yours is a convenience issue, not a security one, and has been raised
 long ago and eventually dismissed: #10400.
 > > Here's another somewhat related ticket: #17594.
 > No, this ticket is the opposite. Those tickets above are about
 preserving session state across restarts and potentially allowing users to
 shoot themselves in the foot.
 > This ticket is about minimizing session state (purging it as soon as
 Alright, good point. But you see why I mention them, don't you? New
 Identity was offered as a solution above and you rejected it because
 "loses all open tabs/windows". Maybe I read too much into it but you
 surely see the relation.

 > Many users won't expect that the session state is kept behind their
 backs - the cookies in private browsing mode are invisible to the UI.
 Users knowledgeable enough to go looking for cookies, like you and me,
 would indeed be surprised that they are "hidden". This has been answered
 above as well: it's a Firefox bug, and tickets were already opened.

 > When all tabs related to an URL bar domain are closed, a reasonable user
 expectation is that that particular session is closed and that a new tab
 will start from a clean slate.
 This sound neat. However, reasonable expectation? What other web browser
 ever did this? I can't think of any. What makes you think that users would
 expect such behavior? Not to mention the amount of breakage doing this
 would result in.

 > > Unless you're fond of security theater
 > This is not security theater. This is about breaking up browser sessions
 into smaller pieces that are harder to correlate.
 I sympathize with your intention here. This sound good. But you said
 nothing about the very important point I raised about the ineffectiveness
 of just focusing on history, cookies and cache. If Tor Browser were to
 clear those while leaving the rest of the state in place, the result is
 that correlation has only been made harder for some of the less
 resourceful adversaries. This would only lead to an unwarranted sense of
 security. Hence why I would call it security theater.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18382#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list