Re: [tor-bugs] #33540 [Applications/Tor Browser]: Cookie exceptions are deleted when Tor Browser is closed



#33540: Cookie exceptions are deleted when Tor Browser is closed
--------------------------------------+---------------------------
 Reporter:  silverwolf                |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  not a bug
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------
Changes (by Thorin):

 * status:  reopened => closed
 * resolution:   => not a bug


Comment:

 Tor Browser in non-PB mode is not supported: so this is not a bug, closing

 ---

 FWIW: I had a play around. It seems that cookies are still memory only and
 permissions.sqlite is never created regardless of the prefs. I'm not sure
 why that is, but it's not something we support or recommend.


 {{{
 1. start in normal mode
         = browser.privatebrowsing.autostart = false
 2. keep site permissions
         =  permissions.memory_only = false
 3. delete cookies & site data on close
         = about:preferences#privacy > Cookies and Site Data
         = network.cookie.lifetimePolicy = 2
 4. go to website and add exception
         = right click on the page > View Page Info
         = permissions tab, change "Set Cookies" from default to "Allow"
 5. check exception
         = about:preferences#privacy Exceptions - Cookies and Site Data
         = you should have your entry keyed by Origin Attributes
         = `https://example.com^firstPartyDomain=example.com`
 }}}

 I used https://ghacksuserjs.github.io/TorZillaPrint/sanitizing.html

 After loading the test site, and getting web data set
 - I inspected `cookies.sqlite` and **nothing** was stored
 - I inspected `webappsstore.sqlite` and localStorage was stored
    - note: there may be quirks with async timing and dom.storage.next_gen = false
 - I inspected the profile's IDB (../storage/default/) and it had data
 written to disk
    - `https+++ghacksuserjs.github.io^firstPartyDomain=ghacksuserjs.github.io`
 - There is **no** `permissions.sqlite` created

 Closed Tor Browser. Restarted. The site exception is gone because
 permissions.sqlite does not exist. Visited my test page, and only the IDB
 entry persisted - which makes sense because unless you made additional
 changes, you're not clearing IDB on close. IDB is not available in PB mode
 and Tor Browser doesn't do anything special with it. **Congrats, you've
 now allowed a persistent tracking mechanism in your setup**. LocalStorage
 is a bit of a mess, so ignore that.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33540#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
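
The manual profile inspection described in the comment above can be scripted. This is an added example, not part of the ticket or of Tor Browser: the function names are hypothetical, the table names are the ones Firefox uses for these stores, and the sample profile is constructed with one-column stand-in schemas.

```python
import sqlite3
import tempfile
from pathlib import Path

# Stores named in the comment, mapped to the table Firefox keeps the data in.
STORES = {"cookies.sqlite": "moz_cookies", "permissions.sqlite": "moz_perms",
          "webappsstore.sqlite": "webappsstore2"}

def count_rows(db, table):
    """Row count of `table`, or None when the file or table does not exist."""
    if not db.is_file():
        return None
    con = sqlite3.connect(db.resolve().as_uri() + "?mode=ro", uri=True)  # read-only
    try:
        return con.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]
    except sqlite3.Error:
        return None
    finally:
        con.close()

def parse_origin_dir(name):
    """'https+++host^firstPartyDomain=x' -> ('https://host', {'firstPartyDomain': 'x'})"""
    base, _, suffix = name.partition("^")
    scheme, _, host = base.partition("+++")
    attrs = dict(kv.split("=", 1) for kv in suffix.split("&") if "=" in kv)
    return f"{scheme}://{host}", attrs

def audit(profile):
    """Report which of the stores from the comment hold data in `profile`."""
    profile = Path(profile)
    report = {name: count_rows(profile / name, tbl) for name, tbl in STORES.items()}
    storage = profile / "storage" / "default"
    dirs = sorted(storage.iterdir()) if storage.is_dir() else []
    report["idb_origins"] = [parse_origin_dir(d.name) for d in dirs if (d / "idb").is_dir()]
    return report

def build_sample_profile(root):
    """Constructed profile (one-column stand-in schemas) in the state described above."""
    for name, rows in [("cookies.sqlite", 0), ("webappsstore.sqlite", 1)]:
        con = sqlite3.connect(root / name, isolation_level=None)  # autocommit
        con.execute(f"CREATE TABLE {STORES[name]} (k TEXT)")
        con.executemany(f"INSERT INTO {STORES[name]} VALUES (?)", [("x",)] * rows)
        con.close()
    origin = "https+++ghacksuserjs.github.io^firstPartyDomain=ghacksuserjs.github.io"
    (root / "storage" / "default" / origin / "idb").mkdir(parents=True)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_profile(Path(tmp))))
```

A `None` for `permissions.sqlite` next to a non-empty `idb_origins` list is the state the comment ends on: the cookie exception is not kept, while IndexedDB data for the origin stays on disk.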