[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Should DOM storage really be enabled by default in TorBrowser?




Le 19/06/2014 20:51, Georg Koppen a écrit :
DOM Storage in Tor Browser does not save state to disc.

So it's there until you close your browser, that's far enough to track you and expose you.

  And it is bound
to the URL bar domain (see design document).

That's not specific to DOM storage, it just follows the same origin policy like all W3C/WHATWG APIs

That's really strange, why don't you just disable it like cookies, indexedDB, etc?

It has no impact on anything except storing things without your consent, it's obsolete and dangerous, some sites are storing sensitive js code into it, it's not unlikely (and very easy) to hack into it if by any chance you leave your browser 2mn, Tor users should not be exposed to this.

--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk