[tor-bugs] #22904 [Applications/Tor Browser]: macOS: Downloaded files in Tor Browser are being added to a system download list.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 12 21:10:24 UTC 2017
#22904: macOS: Downloaded files in Tor Browser are being added to a system download
list.
-------------------------------------+-------------------------------------
Reporter: DrMikeTwiddle | Owner: tbb-team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor | Version:
Browser | Keywords: Mac, File Quarantine,
Severity: Normal | com.apple.LaunchServices.QuarantineEventsV2
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------+-------------------------------------
Files downloaded with Tor Browser on the Mac are getting added to the
list:
/Users/whoever/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
From what I can understand, this seems to be a behavior applications have
added on Apple's request going back to Snow Leopard as part of File
Quarantine, GateKeeper and Xprotect features of macOS. Also data is being
added to the downloaded file itself in the form of the quarantine
attribute, available with the xattr command.
I guess Tor Browser has inherited this behavior from Firefox. I think it
needs to be removed. Downloads over Tor definitely shouldn't be put in a
global list of files and the downloaded files themselves should not have
extra metadata added to them by TB.
I'm using the 7.02 Mac TB on 10.11, but it will apply to all macOS
versions with these security features.
AFAIK there is only the list at the user level, but someone should check
if there isn't a system wide list.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22904>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list