Opened 6 months ago

Last modified 6 months ago

#29634 needs_information defect

Riot.im local storage lost when closing tab

Reported by: 0tzVNmkQxgql
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: riot, matrix, local storage
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

I am trying to use the official release instance of the Riot client for Matrix at https://riot.im/app . I have configured Tor Browser to keep site data for riot.im. Security level is Standard.

When I log into Riot, I can see in TB's Storage Inspector that data is written to IndexedDB and Local Storage. When I close the Riot tab and reopen Riot in a new tab, I am no longer logged in. In Storage Inspector, the IndexedDB data seems to persist (even over browser restarts, as intended), but Local Storage was not kept when closing the tab and a new guest session is written.

I have reproduced this problem on Riot v0.17.8 and later, as well as Tor Browser 8.0.4 and later. It does not occur on Firefox ESR. Without persistent Local Storage, it is not possible to use the device-based E2E encryption that Matrix offers, because old messages will not decrypt properly and all communication partners have to re-verify my "devices" every time I close the tab and log back in.

IMO, Tor Browser should keep all data stored by sites that are explicitly whitelisted by the user, not just cookies and IndexedDB.

Change History (6)

comment:1 Changed 6 months ago by gk

Status: new → needs_information

How did you configure Tor Browser to keep site data for riot.im? Note: we focus right now on providing a proper Private Browsing Mode and disabling it is kind of unsupported right now. This will likely change in the future but for now you might encounter more bugs than usual in that mode of operation.

comment:2 Changed 6 months ago by 0tzVNmkQxgql

This is what I did:

Options -> Privacy and Security -> History: Uncheck "Always use private browsing mode" (so this is the problem?), restart
Options -> Privacy and Security -> History: Check "Clear history when Tor Browser closes", then uncheck "Cookies" and "Active Logins" under Settings ("Offline Website Data" and "Site Preferences" are already unchecked)
Options -> Cookies and Site Data: Check "Keep until I close Tor Browser", click on "Exceptions" and add "riot.im" with status "Allow".

This retains cookies and IndexedDB even over restarts. I also set "Store Data in Persistent Storage" to "Allow" in the Permissions tab that you can reach when clicking the green lock.

This actually worked for a while last year and stopped working in January. I tried to downgrade TB and Riot to find the last versions on which it worked, but I was unsuccessful.

I am currently running a Whonix VM just for Riot, which is rather inconvenient and has its problems. I could set up the Electron desktop client to use Tor as a Proxy and to not self-update, but I don't trust Electron apps not to make connections anyway and firewalling it off is cumbersome, because the executable path changes with every update.

comment:3 in reply to:  2 Changed 6 months ago by gk

Replying to 0tzVNmkQxgql:

This is what I did:

Options -> Privacy and Security -> History: Uncheck "Always use private browsing mode" (so this is the problem?), restart
Options -> Privacy and Security -> History: Check "Clear history when Tor Browser closes", then uncheck "Cookies" and "Active Logins" under Settings ("Offline Website Data" and "Site Preferences" are already unchecked)
Options -> Cookies and Site Data: Check "Keep until I close Tor Browser", click on "Exceptions" and add "riot.im" with status "Allow".

This retains cookies and IndexedDB even over restarts. I also set "Store Data in Persistent Storage" to "Allow" in the Permissions tab that you can reach when clicking the green lock.

This actually worked for a while last year and stopped working in January. I tried to downgrade TB and Riot to find the last versions on which it worked, but I was unsuccessful.

Hm. So, I'd have suggested something along the lines above, which you already tried. Did you start with a clean new Tor Browser for trying to pinpoint your issue? Looking over the Tor Browser release in January I don't see anything obvious that could have caused this problem...

comment:4 Changed 6 months ago by 0tzVNmkQxgql

I did some more testing. The culprit is this: Options -> Cookies and Site Data: Check "Keep until I close Tor Browser" (on all versions, including the latest).
If I set this instead of "Keep until they expire", even opening riot.im/app in another tab while leaving the existing one open does not retain the session. At the same time, this setting does not actually delete any cookies when the browser closes either.
IMO, correct behaviour would be session persistence while the browser is open and removal of all site data when it is closed. This is the (perceived) behaviour with vanilla settings, in private browsing mode.

Also, adding riot.im as an "Allow" exception is of course superfluous, if cookies are accepted in general.

I misinterpreted the settings; my goal was that Tor Browser cleans up all history, except for riot.im data, but I don't think that's possible right now. Optimally, Tor Browser should run in private browsing mode with vanilla settings, but allow whitelisting of sites to keep data across browser restarts, but that would be its own feature request.

So in summary:

  • "Keep until I close Tor Browser" has some bugs
  • the only way to use Riot with TB is to disable private browsing mode, which is not ideal due to tracking cookies being retained (or if employing a whitelisting approach, enabling fingerprinting by having cookies blocked on all but a few sites).

comment:5 in reply to:  4 Changed 6 months ago by gk

Replying to 0tzVNmkQxgql:

I did some more testing. The culprit is this: Options -> Cookies and Site Data: Check "Keep until I close Tor Browser" (on all versions, including the latest).
If I set this instead of "Keep until they expire", even opening riot.im/app in another tab while leaving the existing one open does not retain the session. At the same time, this setting does not actually delete any cookies when the browser closes either.
IMO, correct behaviour would be session persistence while the browser is open and removal of all site data when it is closed. This is the (perceived) behaviour with vanilla settings, in private browsing mode.

Thanks for tracking this down. So, to be sure I understood you correctly: that option is buggy once you leave permanent Private Browsing Mode (PBM) (because I don't seem to be able to enable it within PBM)?

Also, adding riot.im as an "Allow" exception is of course superfluous, if cookies are accepted in general.

I misinterpreted the settings; my goal was that Tor Browser cleans up all history, except for riot.im data, but I don't think that's possible right now. Optimally, Tor Browser should run in private browsing mode with vanilla settings, but allow whitelisting of sites to keep data across browser restarts, but that would be its own feature request.

Yes, I think you are right about that. I suppose your proposed feature does not work in vanilla Firefox either right now?

comment:6 in reply to:  5 Changed 6 months ago by 0tzVNmkQxgql

Replying to gk:

Thanks for tracking this down. So, to be sure I understood you correctly: that option is buggy once you leave permanent Private Browsing Mode (PBM) (because I don't seem to be able to enable it within PBM)?

Yes.

Yes, I think you are right about that. I suppose your proposed feature does not work in vanilla Firefox either right now?

Pretty sure it's not in vanilla Firefox. I know that the add-on Cookie AutoDelete provides something of the sort, but I have to admit that even in vanilla Firefox, I have no use case for keeping site data for longer than a session. Riot is the only use case.
In the short term, it might be a better approach to make the Riot desktop client more Tor-friendly.
