[tor-bugs] #7449 [Applications/Tor Browser]: TorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various places) during the file downloads dialog & when using internal browser video player

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 20 04:07:53 UTC 2020


#7449: TorBrowser creates temp files in Linux /tmp & Windows %temp% and
OSX(various places) during the file downloads dialog & when using internal
browser video player
--------------------------------------+--------------------------
 Reporter:  unknown                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-disk-leak             |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by cypherpunks):

 Can the severity of this issue at least be upped, as this breaks one of
 the most fundamental design goals [1] of the Tor Browser Bundle, namely:

 {{{
 4.3. Disk Avoidance
 Design Goal:

 The User Agent MUST (at user option) prevent all disk records of browser
 activity
 }}}

 To be clear, the problem is even more severe than the issue description
 suggests, because the temporary file is already saved ''before'' the user
 chooses an option in the "Download an external file type?" dialog. This
 means that any clicking any ordinary link can cause something to be
 (temporarily) stored on the hard-drive of an unsuspecting user.

 This ticket's severity is not "Normal". A solution should be sought
 independently of Firefox fixing this for private browsing mode.

 [1] https://2019.www.torproject.org/projects/torbrowser/design/#disk-
 avoidance

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7449#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list