[tor-talk] Should DOM storage really be enabled by default in TorBrowser?

Aymeric Vitte vitteaymeric at gmail.com
Thu Jun 19 22:25:17 UTC 2014


On 19/06/2014 20:51, Georg Koppen wrote:
> DOM Storage in Tor Browser does not save state to disc.

So it's there until you close your browser, that's far enough to track 
you and expose you.

>   And it is bound
> to the URL bar domain (see design document).

That's not specific to DOM storage, it just follows the same-origin 
policy like all W3C/WHATWG APIs.

That's really strange, why don't you just disable it like cookies, 
indexedDB, etc?

It has no impact on anything except storing things without your consent, 
it's obsolete and dangerous, some sites are storing sensitive JS code 
in it, it's not unlikely (and very easy) to hack into it if by any 
chance you leave your browser for 2 minutes, Tor users should not be exposed to this.

-- 
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
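
Added example, not part of the original message and not Tor Browser code: a simplified JavaScript model of the two properties discussed in this thread, storage that is kept in memory only for the browser session, and storage partitioned by the storing origin alone versus by the URL bar domain as well. The class, function and site names are hypothetical and constructed for illustration.

```javascript
// Simplified model (added example): a session-only key/value store, partitioned
// either by the storing script's origin alone or by (URL bar domain, origin).
// Site names below are constructed for illustration.
class SessionStore {
  constructor(keyByUrlBarDomain) {
    this.keyByUrlBarDomain = keyByUrlBarDomain;
    this.jars = new Map(); // partition key -> Map of items; memory only
  }
  jar(urlBarDomain, scriptOrigin) {
    const key = this.keyByUrlBarDomain
      ? `${urlBarDomain}|${scriptOrigin}`
      : scriptOrigin;
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    return this.jars.get(key);
  }
  closeBrowser() {
    this.jars.clear(); // nothing persists past the session
  }
}

// An embedded third-party script reads its stored id, or creates one on first use.
let nextId = 0;
function embeddedWidgetVisit(store, urlBarDomain) {
  const jar = store.jar(urlBarDomain, "https://widget.example");
  if (!jar.has("id")) jar.set("id", `id-${++nextId}`);
  return jar.get("id");
}

// Returns the ids the widget sees on: site A, site B, site A again, and site A
// after the browser has been closed and reopened.
function simulate(keyByUrlBarDomain) {
  const store = new SessionStore(keyByUrlBarDomain);
  const a1 = embeddedWidgetVisit(store, "news.example");
  const b1 = embeddedWidgetVisit(store, "shop.example");
  const a2 = embeddedWidgetVisit(store, "news.example");
  store.closeBrowser();
  const a3 = embeddedWidgetVisit(store, "news.example");
  return { a1, b1, a2, a3 };
}

const originOnly = simulate(false);
const urlBarBound = simulate(true);
console.log("origin only:   ", originOnly);
console.log("URL bar bound: ", urlBarBound);
```

In the origin-only run the embedded script sees the same id on both sites within a session; in the URL-bar-bound run it sees a different id per site, and in both runs the id is gone after the browser is closed.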
