Opened 4 years ago

Last modified 19 months ago

#8919 reopened defect

Windows Registry contains path to Tor Browser Bundle executable

Reported by: runa Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-disk-leak
Cc: runa Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that the registry contains the path to the Tor Browser Bundle executable.

HKEY_CURRENT_USER, abbreviated HKCU, stores settings that are specific to the currently logged-in user. Each user's settings are stored in files called NTUSER.DAT and UsrClass.dat. The path to the Tor Browser Bundle executable is listed in the following two files:

  • C:\Users\runa\AppData\Local\Microsoft\Windows\UsrClass.dat
  • C:\Users\runa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1

I did not find traces of the Tor Browser Bundle in any of the NTUSER.DAT files.

Child Tickets

Change History (6)

comment:1 Changed 4 years ago by runa

Keywords: tbb-disk-leak added

comment:2 Changed 3 years ago by erinn

Keywords: needs-triage added

comment:3 Changed 3 years ago by erinn

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team

comment:4 Changed 19 months ago by bugzilla

Keywords: tbb-disk-traces added; tbb-disk-leak needs-triage removed
Resolution: invalid
Severity: Normal
Status: newclosed

You'd never be able to remove OS "logging" under non-admin credentials. It is not a leak, but traces.

comment:5 Changed 19 months ago by gk

Keywords: tbb-disk-leak added; tbb-disk-traces removed
Resolution: invalid
Status: closedreopened

Please, don't invent new keywords out of the box and don't close tickets even if there is no obvious workaround or fix imaginable at the moment. Thanks.

comment:6 Changed 19 months ago by bugzilla

Don't you see the difference between leaks and traces?
Disk Avoidance section in Design Guide describes what to be added to tbb-disk-leak. 5 invalidated tickets are about OS activity, not TBB. Are you going to fix Windows?

Note: See TracTickets for help on using tickets.