Opened 6 years ago

Closed 6 years ago

Last modified 2 years ago

#12488 closed defect (wontfix)

Disable dom.event.clipboardevents.enabled by default in TBB

Reported by: cypherpunks Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Normal Keywords:
Cc: floweb Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Hi folks!

It's been established (e.g., that by using dom.event.clipboardevents websites are able to monitor the text that a user cuts, copies, or pastes and record it on their system.

An option to disable this code for increased privacy led to a fix given by, but freshly-packaged installs of Firefox (and hence, Tor Browser Bundle 3.6.2) come with it enabled by default.

Shouldn't we turn this off for increased privacy? I don't think it has as much use in TBB as it does in Firefox, and could be considered a privacy leak if the user in question is copying passwords or other sensitive data.

Child Tickets

Change History (3)

comment:1 Changed 6 years ago by gk

Resolution: wontfix
Status: newclosed
Version: Tor: unspecified

See #10593 for the WONTFIX rationale.

comment:2 Changed 2 years ago by gk

Cc: floweb added
Severity: Blocker

comment:3 Changed 2 years ago by gk

Severity: BlockerNormal
Note: See TracTickets for help on using tickets.