[tor-bugs] #29887 [Applications/Tor Browser]: Potential user activity data leak

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 25 08:01:03 UTC 2019 

#29887: Potential user activity data leak
--------------------------------+------------------------------------------
 Reporter:  pf.team             |          Owner:  tbb-team
     Type:  defect              |         Status:  new
 Priority:  High                |      Component:  Applications/Tor Browser
  Version:                      |       Severity:  Major
 Keywords:  prefs.js            |  Actual Points:
  TorBrowser                    |
Parent ID:                      |         Points:
 Reviewer:                      |        Sponsor:
--------------------------------+------------------------------------------
 The user preferences file at
 ./Browser/TorBrowser/Data/Browser/profile.default/prefs.js contains data
 that can be used to tie anonymous activity via Tor in a certain time
 period to a particular user. This information may serve as additional
 evidence and help repressive regimes to identify activists and
 whistleblowers.

 The most sensitive data is contained in the following parameters:
 * toolkit.startup.last_success - time of last successful browser startup.
 * browser.laterrun.bookkeeping.profileCreationTime - profile creation
 time, i.e. when this browser was started for the first time.

 All other parameters listed below are regularly updated during the
 browser's run. Given their quantity, they may serve as a pretty reliable
 indication of when this particular user was online.

 * app.update.lastUpdateTime.addon-background-update-timer
 * app.update.lastUpdateTime.background-update-timer
 * app.update.lastUpdateTime.blocklist-background-update-timer
 * app.update.lastUpdateTime.browser-cleanup-thumbnails
 * app.update.lastUpdateTime.experiments-update-timer
 * app.update.lastUpdateTime.search-engine-update-timer
 * app.update.lastUpdateTime.xpi-signature-verification
 * extensions.blocklist.lastModified
 * extensions.torbutton.lastUpdateCheck
 * idle.lastDailyNotification
 * media.gmp-manager.lastCheck
 * places.database.lastMaintenance
 * storage.vacuum.last.places.sqlite
 * app.update.lastUpdateTime.xpi-signature-verification

 If there are any other such parameters, they may pose a security risk as
 well.

 As a possible solution, we propose that these parameters should not be
 updated at all, and the browser should treat every time it is run as the
 first.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29887>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list