Opened 4 years ago

Last modified 16 months ago

#8919 reopened defect

Windows Registry contains path to Tor Browser Bundle executable

Reported by: runa
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-disk-leak
Cc: runa
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that the registry contains the path to the Tor Browser Bundle executable.

HKEY_CURRENT_USER, abbreviated HKCU, stores settings that are specific to the currently logged-in user. Each user's settings are stored in files called NTUSER.DAT and UsrClass.dat. The path to the Tor Browser Bundle executable is listed in the following two files:

  • C:\Users\runa\AppData\Local\Microsoft\Windows\UsrClass.dat
  • C:\Users\runa\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1

I did not find traces of the Tor Browser Bundle in any of the NTUSER.DAT files.
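One way to check a copied hive or transaction log for this kind of trace, as an added example that is not part of the original ticket: it scans the raw bytes for UTF-16LE and ASCII strings containing a search term and reports their offsets. The sample buffer, the path in it and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample, not data from the ticket: a 4096-byte base block
# starting with the "regf" signature, then a bin ("hbin") holding one
# UTF-16LE value and one ASCII key name.
SAMPLE_PATH = r"C:\Users\example\Desktop\Tor Browser\example.exe"
SAMPLE = (b"regf" + b"\x00" * 4092 + b"hbin" + b"\x00" * 28
          + SAMPLE_PATH.encode("utf-16-le") + b"\x00\x00"
          + b"Tor Browser" + b"\x00" * 8)

# Registry string values are normally UTF-16LE; key names may be ASCII.
PATTERNS = (
    ("utf-16-le", re.compile(rb"(?:[\x20-\x7e]\x00){4,}")),
    ("ascii", re.compile(rb"[\x20-\x7e]{4,}")),
)


def find_strings(data, needle):
    """Return sorted (offset, encoding, text) tuples for every printable
    string in the raw bytes that contains needle (case-insensitive)."""
    needle = needle.lower()
    hits = []
    for encoding, pattern in PATTERNS:
        for match in pattern.finditer(data):
            text = match.group().decode(encoding)
            if needle in text.lower():
                hits.append((match.start(), encoding, text))
    return sorted(hits)


def scan_file(path, needle):
    """Return (starts_with_regf, hits) for one file on disk."""
    with open(path, "rb") as handle:
        data = handle.read()
    return data[:4] == b"regf", find_strings(data, needle)


if __name__ == "__main__":
    # Usage: python scan_hive.py NEEDLE FILE [FILE ...]
    if len(sys.argv) < 3:
        sys.exit("usage: scan_hive.py NEEDLE FILE [FILE ...]")
    for name in sys.argv[2:]:
        is_hive, hits = scan_file(name, sys.argv[1])
        print(f"{name}: regf signature={is_hive}, {len(hits)} hit(s)")
        for offset, encoding, text in hits:
            print(f"  0x{offset:08x} {encoding}: {text}")
```

Windows keeps UsrClass.dat open while the user is logged in, so run this against copies taken from a disk image or an offline system.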

Change History (6)

comment:1 Changed 4 years ago by runa

  • Keywords tbb-disk-leak added

comment:2 Changed 3 years ago by erinn

  • Keywords needs-triage added

comment:3 Changed 3 years ago by erinn

  • Component changed from Tor bundles/installation to Tor Browser
  • Owner changed from erinn to tbb-team

comment:4 Changed 16 months ago by bugzilla

  • Keywords tbb-disk-traces added; tbb-disk-leak needs-triage removed
  • Resolution set to invalid
  • Severity set to Normal
  • Status changed from new to closed

You'd never be able to remove OS "logging" under non-admin credentials. It is not a leak, but traces.

comment:5 Changed 16 months ago by gk

  • Keywords tbb-disk-leak added; tbb-disk-traces removed
  • Resolution invalid deleted
  • Status changed from closed to reopened

Please, don't invent new keywords out of the box and don't close tickets even if there is no obvious workaround or fix imaginable at the moment. Thanks.

comment:6 Changed 16 months ago by bugzilla

Don't you see the difference between leaks and traces?
The Disk Avoidance section in the Design Guide describes what is to be added to tbb-disk-leak. 5 invalidated tickets are about OS activity, not TBB. Are you going to fix Windows?