bookmark save a screenshoot for bookmarked page?

[rexkzhfbhgyc]

I think this is a dangerous thing because it expose my page screenshot as exactly what I seen.
TBB version:9.0 (based on Mozilla Firefox 68.2.0esr) (32-bit)
Platform:Linux

[rexkzhfbhgyc]

I'm can't post one screenshot for security reason.
I found out one similar(maybe same) question:​https://support.mozilla.org/en-US/questions/1232360
But the solution just focus on hide such screenshot in UI rather than avoid leak such screenshot to disk(if any).

[Thorin]

I don't see this (temp? memeory only?) thumb being stored anywhere in the profile, although places-sqlite-wal grew massively after the fact

[gk]

We should figure out whether that's an actual issue in Tor Browser. Maybe the screenshot is just shown when the page is bookmarked?

[Thorin]

Did a quick dig: the bookmarking confirmation/cancel panel with favicon+screenshot landed in FF62. Here's the screenshot ticket: ​https://bugzilla.mozilla.org/show_bug.cgi?id=1460248

[sysrqb]

I'm not sure this is a bug (or that we should fix it). Bookmarks are already tagged with the date they were last modified. We can go down the rabbit-hole of scrubbing all timestamps associated with bookmarks and any other information that may indicate when the bookmark was created/updated - but that is a much larger issue.

[Thorin]

I don't think the concern is metadata: it's the actual content of the thumbnail may reveal something unintentional (e.g your user name on the site: e.g if I bookmarked this page, it says "logged in as Thorin"). If the thumbnail in the confirmation/cancel dialog is memory only, then I think we're good.