Opened 5 years ago

Closed 5 years ago

Last modified 13 months ago

#12488 closed defect (wontfix)

Disable dom.event.clipboardevents.enabled by default in TBB

Reported by: cypherpunks Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Normal Keywords:
Cc: floweb Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hi folks!

It's been established (e.g., http://beta.slashdot.org/story/129898) that by using dom.event.clipboardevents websites are able to monitor the text that a user cuts, copies, or pastes and record it on their system.

An option to disable this code for increased privacy led to a fix given by https://bugzilla.mozilla.org/show_bug.cgi?id=542938, but freshly-packaged installs of Firefox (and hence, Tor 0.2.4.22/Tor Browser Bundle 3.6.2) come with it enabled by default.

Shouldn't we turn this off for increased privacy? I don't think it has as much use in TBB as it does in Firefox, and could be considered a privacy leak if the user in question is copying passwords or other sensitive data.

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by gk

Resolution: wontfix
Status: newclosed
Version: Tor: unspecified

See #10593 for the WONTFIX rationale.

comment:2 Changed 13 months ago by gk

Cc: floweb added
Severity: Blocker

comment:3 Changed 13 months ago by gk

Severity: BlockerNormal
Note: See TracTickets for help on using tickets.