[tor-talk] Should DOM storage really be enabled by default in TorBrowser?
Joe Btfsplk
joebtfsplk at gmx.com
Fri Jun 20 14:04:41 UTC 2014
On 6/19/2014 1:51 PM, Georg Koppen wrote:
> Joe Btfsplk:
>> Curious: Should DOM storage really be enabled by default in Tor Browser
>> 3.6.x, when other forms of disk storage are disabled?
> DOM Storage in Tor Browser does not save state to disc. And it is bound
> to the URL bar domain (see design document).
>
> The code is in commit 5392d2ed679eaaa078f5c667573ef0698ec65345 in the
> tor-browser repository.
>
> Georg
>
>
Checking vanilla Fx, I don't see it's *storing anything* in
webappsstore.sqlite either, even though the default about:config entry
"dom.storage.enabled" = true.
Maybe? that's because I have all disk cache disabled in vanilla Fx, as
is Torbrowers' default?
Unless youtube doesn't attempt to use DOM storage, with 1st party
cookies & java script allowed for both youtube.com & ytimg.com, in
vanilla Fx.
It's good nothing's being stored (even in Fx), except you can't verify
which delete history / cache / storage method removes DOM data.
Something else must be going on.
BTW, the "Design Document - DRAFT" (dated March 15, 2013 ) that's linked
from TorProject's main page, has non-functioning link for the patch in
the line below about DOM storage.
It says "404 - Cannot find file"
1. /DOM Storage
DOM storage for third party domains MUST be isolated to the url bar
origin, to prevent linkability between sites. This functionality is
provided through a patch to Firefox
<https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-patches/firefox/0026-Isolate-DOM-storage-to-first-party-URI.patch>./
More information about the tor-talk
mailing list