Opened 4 years ago

Last modified 13 months ago

#8920 reopened defect

Windows Search indexes the Tor Browser Bundle

Reported by: runa
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-disk-leak
Cc: runa
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that it is likely that Windows Search indexes the Tor Browser Bundle.

Windows Search, which is enabled by default, builds a full-text index of files on the computer. One component of Windows Search is the Indexer, which crawls the file system on initial setup, and then listens for file system notifications to index changed files. Windows Search writes a number of files to the following location:

  • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\

I have not found a way to read the Windows Search database files, but I would say it is likely that Windows Search picked up the Tor Browser Bundle at some point.
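As an added example (not part of the original ticket or any Tor Project code), the check below asks the Windows Search index through its query provider which items it holds under a given folder, rather than reading the database files directly. The function name `Get-IndexedItem` and the bundle path are assumptions made for illustration; substitute the folder where the bundle was actually extracted.

```powershell
# Added example: list what Windows Search has indexed beneath one folder.
function Get-IndexedItem {
    param(
        [Parameter(Mandatory)] [string] $Path   # folder to check, supplied by the caller
    )

    # The index can only be queried while the Windows Search service is running.
    $svc = Get-Service -Name WSearch -ErrorAction SilentlyContinue
    if (-not $svc -or $svc.Status -ne 'Running') {
        Write-Warning 'Windows Search (WSearch) is not running; the index cannot be queried.'
        return
    }

    # Windows Search SQL takes the scope as a file: URL; double any single quotes.
    $scope = 'file:' + ($Path -replace '\\', '/' -replace "'", "''")
    $sql   = "SELECT System.ItemPathDisplay, System.DateModified " +
             "FROM SystemIndex WHERE SCOPE='$scope'"

    $conn = New-Object -ComObject ADODB.Connection
    $rs   = New-Object -ComObject ADODB.Recordset
    try {
        $conn.Open("Provider=Search.CollatorDSO;Extended Properties='Application=Windows';")
        $rs.Open($sql, $conn)
        while (-not $rs.EOF) {
            [pscustomobject]@{
                Path     = $rs.Fields.Item('System.ItemPathDisplay').Value
                Modified = $rs.Fields.Item('System.DateModified').Value
            }
            $rs.MoveNext()
        }
    } finally {
        # State 0 means the ADO object is already closed.
        if ($rs.State -ne 0)   { $rs.Close() }
        if ($conn.State -ne 0) { $conn.Close() }
    }
}

# Placeholder path (assumption): wherever the bundle was extracted.
$bundle = Join-Path $env:USERPROFILE 'Desktop\Tor Browser'
$hits = @(Get-IndexedItem -Path $bundle)
if ($hits.Count -eq 0) {
    "No indexed items found under $bundle"
} else {
    "{0} indexed items under {1}" -f $hits.Count, $bundle
    $hits | Sort-Object Path | Format-Table -AutoSize
}
```

An empty result only shows that the index currently holds no entries under that scope; it does not show that the folder was never indexed.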

Change History (6)

comment:1 Changed 4 years ago by runa

  • Keywords tbb-disk-leak added

comment:2 Changed 4 years ago by runa

It is possible to disable Windows Search, but I am not sure if it's something we want to recommend to our users.

comment:3 Changed 3 years ago by erinn

  • Keywords needs-triage added

comment:4 Changed 3 years ago by erinn

  • Component changed from Tor bundles/installation to Tor Browser
  • Owner changed from erinn to tbb-team

comment:5 Changed 13 months ago by bugzilla

  • Keywords tbb-disk-traces added; tbb-disk-leak needs-triage removed
  • Resolution set to invalid
  • Severity set to Normal
  • Status changed from new to closed

You'd never be able to remove OS "logging" under non-admin credentials. It is not a leak, but traces.

comment:6 Changed 13 months ago by gk

  • Keywords tbb-disk-leak added; tbb-disk-traces removed
  • Resolution invalid deleted
  • Status changed from closed to reopened

Please, don't invent new keywords out of the box and don't close tickets even if there is no obvious workaround or fix imaginable at the moment. Thanks.
