[tor-bugs] #25072 [HTTPS Everywhere/EFF-HTTPS Everywhere]: New Identity does not clear extension storage
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jan 29 16:35:02 UTC 2018
#25072: New Identity does not clear extension storage
-------------------------------------------------------+------------------
Reporter: kmodi | Owner: jsha
Type: defect | Status: new
Priority: Medium | Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------------+------------------
When "New Identity" button is pressed, the information stored by
extensions like HTTPS Everywhere is not cleared.
This might contain information, like domains which the user added as an
exception.
Because, this persists on disk and is not cleared on Tor shoutdown or
manually clicking "New Identity", it leaves traces of users browsing
habits.
Steps to reproduce:
1. Visit a website like cnn.com.
2. Click on HTTPS Everywhere Icon, and uncheck CNN.COM.
3. Restart Tor or Click on New Identity,
4. Visit the same site again, the setting is remembered by extension.
Data on disk:
~/Library/Application\ Support/TorBrowser-Data/Browser/profile/browser-
extension-data/https-everywhere-
eff at eff.org/storage.js:{"ruleActiveStates":{"CNN.com
(partial)":false},"migration_version":1}
Ideally, extensions should be careful while saving data to disks. But may
be Tor can also clear the storage on New Identity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25072>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list