Opened 7 years ago

Last modified 2 years ago

#8985 new defect

OS X HFS+ files may contain traces of the Tor Browser Bundle

Reported by: runa Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-disk-leak, needs-triage
Cc: runa Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on OS X 10.8 indicates that OS X HFS+ files may contain traces of the Tor Browser Bundle.

HFS+ is the default filesystem on OS X; it supports journaling, quotas, Finder information in metadata, hard and symbolic links, aliases, etc. HFS+ also supports hot file clustering, which tracks read-only files that are frequently requested and then moves them into a "hot zone". The hot file clustering scheme uses an on-disk B-Tree file for tracking.

I have not been able to open /.hotfiles.btree and /.journal, but they might contain traces of the Tor Browser Bundle and/or the attached external drive.

Child Tickets

Change History (3)

comment:1 Changed 5 years ago by erinn

Keywords: needs-triage added

comment:2 Changed 5 years ago by erinn

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team

comment:3 Changed 2 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.