Opened 4 years ago

Last modified 12 days ago

#10756 new defect

TowBrowser should zero-out cleared partial downloads or not delete them at all

Reported by: mmxbass Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-firefox-patch
Cc: mmxbass, gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Normally, when a file is fully downloaded, the option remains to secure delete the file using other tools.

When canceling a download in progress however, TorBrowser appears to simply delete the partial download file, leaving the user with no way to cleanwipe the file.

In the event of inflammatory/seditious/etc material, this may present an unacceptable security risk in certain countries.

IMO, TorBrowser has two possible solutions.

1: Zero (or, better, multi-pass randomize) the partial download file prior to final deletion.
2: Do not remove the partial download file and inform the user where the file is and that they should wipe any potentially incriminating file.

Obviously an option to choose between these two behaviors (as well as normal deletion) would also be acceptable although I believe that option 2 should be the default.

Child Tickets

Change History (5)

comment:1 Changed 4 years ago by mmxbass

Cc: mmxbass added

comment:2 Changed 4 years ago by gk

Cc: gk added

comment:3 Changed 3 years ago by erinn

Keywords: tbb-firefox-patch added

comment:4 Changed 3 years ago by erinn

Component: Firefox Patch IssuesTor Browser
Owner: changed from mikeperry to tbb-team

comment:5 Changed 12 days ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.