[tor-talk] Should DOM storage really be enabled by default in TorBrowser?
Joe Btfsplk
joebtfsplk at gmx.com
Fri Jun 20 15:11:10 UTC 2014
On 6/20/2014 9:04 AM, Joe Btfsplk wrote:
> On 6/19/2014 1:51 PM, Georg Koppen wrote:
>> Joe Btfsplk:
>>> Curious: Should DOM storage really be enabled by default in Tor Browser
>>> 3.6.x, when other forms of disk storage are disabled?
>> DOM Storage in Tor Browser does not save state to disc. And it is bound
>> to the URL bar domain (see design document).
>>
>> The code is in commit 5392d2ed679eaaa078f5c667573ef0698ec65345 in the
>> tor-browser repository.
>>
>> Georg
>>
>>
EDIT: There is data stored in webappsstore.sqlite in vanilla Fx, if
it's allowed.
The sqlite viewer I was using - http://sqlitebrowser.org/ - doesn't
display the contents of <my> copy of that file.
It apparently displays some other Fx sqlite files OK. Dunno.
I know Mozilla has an addon sqlite viewer & I've used it, but would
prefer a stand alone, as it's seldom used.
Don't need another addon, potentially causing probs, used once in 3, 6
or...? months.
If anyone has a better suggestion for a free viewer, preferably
portable, I'd appreciate it.
END EDIT.
*************
> Checking vanilla Fx, I don't see it's *storing anything* in
> webappsstore.sqlite either, even though the default about:config entry
> "dom.storage.enabled" = true.
> Maybe? that's because I have all disk cache disabled in vanilla Fx, as
> is Torbrowers' default?
>
> Unless youtube doesn't attempt to use DOM storage, with 1st party
> cookies & java script allowed for both youtube.com & ytimg.com, in
> vanilla Fx.
>
> It's good nothing's being stored (even in Fx), except you can't verify
> which delete history / cache / storage method removes DOM data.
> Something else must be going on.
>
> BTW, the "Design Document - DRAFT" (dated March 15, 2013 ) that's linked
> from TorProject's main page, has non-functioning link for the patch in
> the line below about DOM storage.
> It says "404 - Cannot find file"
>
> 1. /DOM Storage
>
> DOM storage for third party domains MUST be isolated to the url bar
> origin, to prevent linkability between sites. This functionality is
> provided through a patch to Firefox
> <https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-patches/firefox/0026-Isolate-DOM-storage-to-first-party-URI.patch>./
>
>
More information about the tor-talk
mailing list