[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
From: Aymeric Vitte <vitteaymeric@xxxxxxxxx>
Date: Fri, 20 Jun 2014 00:25:17 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Jun 2014 18:27:19 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=P/zexjte/J5K/cuJ2sDRqT/LBp+74V3b6KOPIxr+fpc=; b=sdZVQNKCQb314Pn5iKtPJSUBaeEOskBigONPyQgXWwmRt2vQ2LuFPDZGf+mSJu+U7W UnQVvtA+qfRA7YdQC7abP0ZXw9jK4P6LKmr/i9l2plA2K5HFPBfH/8SbnD+Y9M8kjTNq yexRKaYBBxJ51YPljtv01SrFHIOZLqPVTPaQ3awTp0X2oBbHW1IAYfARal+ck7KwdSBa Qj6MxigS4u0pLKaPz84VpyvpHzE0Z8Qz87g2JVGz4F91MugiNrT/bRiiUzLhfqUiTRE+ BCHUHeGwokgbwYevb9eo/BKF5FvWRp2lrVZGdORth5iDDYwUnhA6Ls0JXxrCvXW4TOEk 7//A==
In-reply-to: <53A33139.7050405@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <53A30C94.1080506@xxxxxxx> <53A33139.7050405@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; rv:24.0) Gecko/20100101 Thunderbird/24.6.0


Le 19/06/2014 20:51, Georg Koppen a écrit :

DOM Storage in Tor Browser does not save state to disc.

So it's there until you close your browser, that's far enough to trackyou and expose you.

  And it is bound
to the URL bar domain (see design document).

That's not specific to DOM storage, it just follows the same originpolicy like all W3C/WHATWG APIs

That's really strange, why don't you just disable it like cookies,indexedDB, etc?

It has no impact on anything except storing things without your consent,it's obsolete and dangerous, some sites are storing sensitive js codeinto it, it's not unlikely (and very easy) to hack into it if by anychance you leave your browser 2mn, Tor users should not be exposed to this.


--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
  - From: Georg Koppen
- Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
  - From: Georg Koppen

References:
- [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
  - From: Joe Btfsplk
- Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
  - From: Georg Koppen

Prev by Author: Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
Next by Author: Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
Previous by thread: Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
Next by thread: Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?
Index(es):
- Author
- Thread