Potential user activity data leak
The user preferences file at ./Browser/TorBrowser/Data/Browser/profile.default/prefs.js contains data that can be used to tie anonymous activity via Tor in a certain time period to a particular user. This information may serve as additional evidence and help repressive regimes to identify activists and whistleblowers.
The most sensitive data is contained in the following parameters:
- toolkit.startup.last_success - time of last successful browser startup.
- browser.laterrun.bookkeeping.profileCreationTime - profile creation time, i.e. when this browser was started for the first time.
All other parameters listed below are regularly updated during the browser's run. Given their quantity, they may serve as a pretty reliable indication of when this particular user was online.
- app.update.lastUpdateTime.addon-background-update-timer
- app.update.lastUpdateTime.background-update-timer
- app.update.lastUpdateTime.blocklist-background-update-timer
- app.update.lastUpdateTime.browser-cleanup-thumbnails
- app.update.lastUpdateTime.experiments-update-timer
- app.update.lastUpdateTime.search-engine-update-timer
- app.update.lastUpdateTime.xpi-signature-verification
- extensions.blocklist.lastModified
- extensions.torbutton.lastUpdateCheck
- idle.lastDailyNotification
- media.gmp-manager.lastCheck
- places.database.lastMaintenance
- storage.vacuum.last.places.sqlite
If there are any other such parameters, they may pose a security risk as well.
As a possible solution, we propose that these parameters should not be updated at all, and the browser should treat every time it is run as the first.
Trac:
Username: pf.team
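
The following audit script is an added example, not part of the original report and not Tor Browser code. It parses the text of a `prefs.js` file and lists every preference whose value looks like a timestamp, marking the ones named in the report and catching "any other such parameters" by value. The epoch range heuristic, the sample data and the pref name `example.hypothetical.lastSeen` are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Preference names and prefixes taken from the report above.
REPORTED = (
    "toolkit.startup.last_success", "browser.laterrun.bookkeeping.profileCreationTime",
    "app.update.lastUpdateTime.", "extensions.blocklist.lastModified",
    "extensions.torbutton.lastUpdateCheck", "idle.lastDailyNotification",
    "media.gmp-manager.lastCheck", "places.database.lastMaintenance",
    "storage.vacuum.last.",
)
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')
# Assumption: integers in this range are Unix epoch seconds (2001 to 2100).
EPOCH_MIN, EPOCH_MAX = 1_000_000_000, 4_102_444_800

def as_utc(raw):
    """Return a UTC datetime if raw looks like an epoch value, else None."""
    raw = raw.strip('"')
    if not raw.isdigit():
        return None
    n = int(raw)
    if n >= EPOCH_MIN * 1000:  # assumption: a value this large is milliseconds
        n //= 1000
    if EPOCH_MIN <= n <= EPOCH_MAX:
        return datetime.fromtimestamp(n, tz=timezone.utc)
    return None

def audit_prefs(text):
    """Return (name, utc_time, named_in_report) tuples, oldest first."""
    findings = []
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            name, raw = m.groups()
            when = as_utc(raw)
            if when is not None:
                findings.append((name, when, name.startswith(REPORTED)))
    return sorted(findings, key=lambda f: f[1])

# Constructed sample, not taken from a real profile.
SAMPLE = '''\
user_pref("browser.laterrun.bookkeeping.profileCreationTime", 1499000000);
user_pref("browser.startup.homepage_override.mstone", "52.2.0");
user_pref("example.hypothetical.lastSeen", "1499950000000");
user_pref("extensions.torbutton.security_slider", 4);
user_pref("places.database.lastMaintenance", 1499900000);
user_pref("toolkit.startup.last_success", 1500000000);
'''
```

Calling `audit_prefs(open(path).read())` on a copy of a profile's `prefs.js` shows which entries would have to be cleared or frozen for the proposal above to hold.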