Opened 4 years ago

Closed 4 years ago

#16542 closed enhancement (worksforme)

HTTPS-E ruleset log file compromises user privacy

Reported by: writecode Owned by: jsha
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords: https privacy ruleset, tbb-disk-leak
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On exit TOR deletes user history but HTTPS-E permanently stores visited URLs in a file: ...https-everywhere@…/defaults/rulesets.sqlite. This is a SQLITE file but can also be read in plain text. For privacy enhancement suggest deleting ruleset file on TOR exit.

Child Tickets

Change History (4)

comment:1 Changed 4 years ago by mikeperry

Keywords: tbb-disk-leak added

comment:2 Changed 4 years ago by jsha

Status: newneeds_information

writecode, can you provide detailed steps to reproduce? I'm fairly certain HTTPSE never writes to rulesets.sqlite.

comment:3 Changed 4 years ago by writecode

I could not reproduce this problem. I have examined the ruleset.sqlite file, did reinstall of TOR and found that rulesets was never written to. Ruleset was not written using TOR and also not written to using current version of Firefox. This ticket submitted in error and can be closed and no further resolution needed.

comment:4 Changed 4 years ago by jsha

Resolution: worksforme
Status: needs_informationclosed

Alright, will do. Thanks for your close attention to detail, and glad it was a false alarm!

Note: See TracTickets for help on using tickets.