Opened 4 years ago

Last modified 3 years ago

#8990 new defect

OS X per-user temp files contain traces of the Tor Browser Bundle

Reported by: runa Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: tbb-disk-leak, needs-triage
Cc: runa Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on OS X 10.8 showed that per-user temp files contain traces of the Tor Browser Bundle.

OS X stores per-user temporary files and caches in /var/folders/. The following files contain the path to the attached external drive, the path to the Tor Browser Bundle on the Desktop, and the path to the Tor Browser Bundle in the Trash:

  • /var/folders/fb/v5wqpgls029d8tp_pcjy0yth0000gn/C/com.apple.LaunchServices-036501.csstore
  • /var/folders/fb/v5wqpgls029d8tp_pcjy0yth0000gn/C/com.apple.QuickLook.thumbnailcache/index.sqlite
  • /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/C/com.apple.LaunchServices-0360.csstore
  • /var/folders/fb/v5wqpgls029d8tp_pcjy0yth0000gn/C/com.apple.QuickLook.thumbnailcache/thumbnails.data

These files also contain strings such as org.torproject.torbrowserbundle, org.mozilla.torbrowser, torbrowser_en-us.app, torbrowser.app, net.vidalia-project.vidalia, and vidalia.app. I have not been able to open the last file, thumbnails.data but it might contain traces of the Tor Browser Bundle and/or the attached external drive.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by runa

A number of the traces found are related to strings such as the ones listed above. I wonder if there is any way we can get around that, without confusing our users, such as having randomized application names or similar.

comment:2 Changed 3 years ago by erinn

Keywords: needs-triage added

comment:3 Changed 3 years ago by erinn

Component: Tor bundles/installationTor Browser
Owner: changed from erinn to tbb-team
Note: See TracTickets for help on using tickets.