[tor-dev] [tor-talk] Tor Data Leak

isis isis at torproject.org
Thu Aug 28 00:17:18 UTC 2014

sureyourejoking at aim.com transcribed 1.6K bytes:
> To Whom it May Concern,
>     I recently noticed that Tor Browser was leaking data about websites
> I visited in Tor to my hard drive.
>     I am running Mac OS X 10.6.8 on a 2010 model Macbook Pro 6,2. I am
> using TorBrowser Version 3.6.3.
>     The data appears in the directory
> "/Users/Username/Library/PubSub/Feeds/", where "Username" represents my
> username. The directory contains xml files with random names and a .xml
> extension. They contain text and url's from websites which I have only
> visited using Tor.
>     I use "No-Script" in Tor, and it is active by default. "No-Script"
> was active when I visited all of the websites, except for youtube, since
> the videos will not play while "No-Script" is active.
>     I have installed the following add-ons to Tor: "Adblock Edge 2.1.4"
> and "Privacy Badger Firefox 0.2.1".
>     I noticed these xml files a month ago, and moved the contents of
> /Users/Username/Library/PubSub/ to a separate location. Since then, I
> have watched the contents of this directory closely.
>     Two days after I deleted the contents of "PubSub", a directory
> called "Database" appeared containing a file called "Database.sqlite3".
> This file seemed not to have any information about websites I visited. A
> while later, the "Feeds" directory appeared, but was empty. The "Feeds"
> directory remained empty for about two weeks.
>     Yesterday, xml files appeared in the Feeds directory, which now
> contains 1.1 MB of files.
>     Is this a security bug in Tor Browser?

Have you ever subscribed to any live bookmarks or RSS/atom feeds using Tor

 ♥Ⓐ isis agora lovecruft
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1154 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140828/19374b79/attachment.sig>

More information about the tor-dev mailing list