[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all

Subject: [tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 27 Jan 2014 20:45:27 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 27 Jan 2014 15:45:21 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10756: TowBrowser should zero-out cleared partial downloads or not delete them at
all
----------------------------------+---------------------------
 Reporter:  mmxbass               |          Owner:  mikeperry
     Type:  defect                |         Status:  new
 Priority:  major                 |      Milestone:
Component:  Firefox Patch Issues  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------------
 Normally, when a file is fully downloaded, the option remains to secure
 delete the file using other tools.

 When canceling a download in progress however, TorBrowser appears to
 simply delete the partial download file, leaving the user with no way to
 cleanwipe the file.

 In the event of inflammatory/seditious/etc material, this may present an
 unacceptable security risk in certain countries.

 IMO, TorBrowser has two possible solutions.

 1: Zero (or, better, multi-pass randomize) the partial download file prior
 to final deletion.
 2: Do not remove the partial download file and inform the user where the
 file is and that they should wipe any potentially incriminating file.

 Obviously an option to choose between these two behaviors (as well as
 normal deletion) would also be acceptable although I believe that option 2
 should be the default.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10756>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9221 [Obfsproxy]: obfsproxy does not have a SOCKS5 listener
Next by Author: Re: [tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all
Previous by thread: Re: [tor-bugs] #9221 [Obfsproxy]: obfsproxy does not have a SOCKS5 listener
Next by thread: Re: [tor-bugs] #10756 [Firefox Patch Issues]: TowBrowser should zero-out cleared partial downloads or not delete them at all
Index(es):
- Author
- Thread