TorBrowser should zero-out cleared partial downloads or not delete them at all
Normally, when a file is fully downloaded, the option remains to secure delete the file using other tools.
When canceling a download in progress however, TorBrowser appears to simply delete the partial download file, leaving the user with no way to cleanwipe the file.
In the event of inflammatory/seditious/etc material, this may present an unacceptable security risk in certain countries.
IMO, TorBrowser has two possible solutions.
1: Zero (or, better, multi-pass randomize) the partial download file prior to final deletion. 2: Do not remove the partial download file and inform the user where the file is and that they should wipe any potentially incriminating file.
Obviously an option to choose between these two behaviors (as well as normal deletion) would also be acceptable although I believe that option 2 should be the default.
Trac:
Username: mmxbass