Opened 5 years ago

Closed 4 years ago

#18233 closed defect (invalid)

Get rid of the cookie "protection" cruft from Torbutton

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-torbutton
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I wonder why Torbutton still includes the "cookie protection" stuff. Looks to me like that code is the oldest, ugliest, more useless part of the addon, am I wrong?

It seems to be a heritage from the days when one was supposed to attach Torbutton to any regular Firefox release. Does it even have a place in Tor Browser?

Last month someone in tor-talk asked what the cookie protection mechanism consisted of. There were 5 or 6 replies, including 1 from a Tor Browser guy. None of them answered the question, I suspect none of them knew (and failed to admit so).

Doesn't the whole "protection" add up to "won't be deleted when renewing identity" (if it worked, which apparently it doesn't)? If that's the case, then calling such cookies "protected" is pretty stupid. Call it "preserved" or something like that. I suspect "protected" made a bit more sense when Torbutton was supposed to handle both Tor and non-Tor sessions; those days are long gone.

Why not just remove that part of the addon? At least until it's been reworked.

Child Tickets

Change History (1)

comment:1 Changed 4 years ago by bugzilla

Resolution: invalid
Status: newclosed
Note: See TracTickets for help on using tickets.