[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?




On 6/19/2014 1:51 PM, Georg Koppen wrote:
Joe Btfsplk:
Curious:  Should DOM storage really be enabled by default in Tor Browser
3.6.x, when other forms of disk storage are disabled?
DOM Storage in Tor Browser does not save state to disc. And it is bound
to the URL bar domain (see design document).

The code is in commit 5392d2ed679eaaa078f5c667573ef0698ec65345 in the
tor-browser repository.

Georg


Checking vanilla Fx, I don't see it's *storing anything* in webappsstore.sqlite either, even though the default about:config entry "dom.storage.enabled" = true. Maybe? that's because I have all disk cache disabled in vanilla Fx, as is Torbrowers' default?

Unless youtube doesn't attempt to use DOM storage, with 1st party cookies & java script allowed for both youtube.com & ytimg.com, in vanilla Fx.

It's good nothing's being stored (even in Fx), except you can't verify which delete history / cache / storage method removes DOM data.
Something else must be going on.

BTW, the "Design Document - DRAFT" (dated March 15, 2013 ) that's linked from TorProject's main page, has non-functioning link for the patch in the line below about DOM storage.
It says "404 - Cannot find file"

1. /DOM Storage

   DOM storage for third party domains MUST be isolated to the url bar
   origin, to prevent linkability between sites. This functionality is
   provided through a patch to Firefox
   <https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-patches/firefox/0026-Isolate-DOM-storage-to-first-party-URI.patch>./


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk