[tor-talk] observation: Browser bundle & secure files deletion

Tue Oct 4 19:07:52 UTC 2011

On 10/4/2011 9:22 AM, Julian Yon wrote:
> On 04/10/11 15:00, Advrk Aplmrkt wrote:
>> I had the exact same question about secure delete. Also, securing
>> wiping the computer's memory is important, as sensitive data could be
>> recovered from RAM even *after* power off...
> TAILS handles this: http://tails.boum.org/
>
> Using TAILS may involve a compromise, as it seems to still be on FF 3.5,
> whereas TBB has moved on. Like any security issue you would have to make
> a decision based on your own threat model.
Thanks to both.
Advrk - Good point.  I'm no pure expert, but seems I've read if computer 
is POWERED off for ? several minutes, most RAM will be cleared.  Even if 
true, it's a bit inconvenient.  IMO, the RAM issue doesn't have as much 
widespread potential impact as things like cache & other files not being 
securely deleted.  ** I see that default Cache Space in Aurora is set = 
0.  What about people w/ slower machines that REALLY need cache?  Of 
those needing it, I'd guess a good number * need * to securely delete 
it, whether they're aware or not.

Julian - TAILS handles what?  Clearing RAM or securely deleting files in 
FF containing personal data?  TAILS may be GREAT, but TBB users probably 
shouldn't have to rely on 3rd party apps to be secure (esp. in countries 
where using TBB, that the whole point of using it is (close to) complete 
anonymity & therefore security.  They probably shouldn't have to use a 
3rd party wiping prgm.  Leaving files behind w/ incriminating info (from 
a repressive gov'ts view) isn't secure or anonymous.

Regarding deciding on your threat model - one of my points is, even many 
Tor / TBB users don't KNOW anything about secure / insecure deletion of 
certain files when TBB is closed.
This could also involve Vidalia / Tor files in TBB.  Some don't know 
what a threat model is.  If we're assuming only advanced users should be 
using Tor / TBB, then everything's fine.  I'm almost positive that's NOT 
the developers' assumption / position.

I haven't investigated far enough yet to know what TBB / Aurora will do 
if under Options > Privacy, you check the box:  "Clear history when 
Aurora closes," then UNcheck most of the items under the settings.  Then 
after closing TBB, use a wiping prgm w/ pre configured task to wipe the 
files / folders you want.  Again, avg users would have to be instructed 
-  in plain language - not computer speak.  A lot of users would *  need 
help * knowing which files to delete that might contain personal / 
private data.

Perhaps a list of all files potentially containing personal / private / 
browsing data could be listed - VERY PROMINENTLY - where all users would 
see it & some instructions on how to securely delete them.  Firefox no 
longer shows the "Delete Private Data" box at shutdown, but an addon 
"Ask For Sanitize" brings back that box, so one can see / change what's 
being (insecurely) deleted at shutdown.  Or choose not to delete 
anything, then use a wiping prgm to del files.