[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #22867 [Applications/Tor Browser]: us-u.openx.net URL saved in the Tor Browser places.sqlite database as part of the browsing history
#22867: us-u.openx.net URL saved in the Tor Browser places.sqlite database as part
of the browsing history
------------------------------------------+----------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
The situation that I am describing may or may not be due to an error in
the Tor Browser software ("defect" may not be the best category), but it
seems somewhat anomalous and may be worth noting and may be of interest to
others.
In summary, from what I can tell, an instance of the URL
https://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-
92c5-0b3d1d4c9b7a (which may well have been embedded in a different page)
ended up in Tor Browser's [http://kb.mozillazine.org/Places.sqlite
places.sqlite database] as if it was saved as part of the user's browsing
history. This on-disk database is used to store such information as
bookmarks, browsing history, favicons, and annotations, among other
things. At the same time, from what I understand, Tor Browser is
preconfigured to not save any browsing history to the disk, and I do not
remember reconfiguring Tor Browser with the purpose of changing this
aspect.
The software configuration in question was a recent version of the Tor
Browser Bundle (most likely 7.0.2) 32-bit running under Xubuntu Linux
16.04. I do not remember installing any additional extensions into Tor
Browser.
When entering text in the address bar, Tor Browser displayed a list of
suggestions underneath the address bar. This would be expected. In
addition to pages that had been bookmarked, however, the list of
suggestions also included the URL
https://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-
92c5-0b3d1d4c9b7a. This URL was not among the pages that I had bookmarked
in the browser. In addition, from what I remember, the inclusion of the
openx.net URL in the suggestions list happened when text was entered into
the address bar immediately after Tor Browser had been launched.
From [https://developer.mozilla.org/en-
US/docs/Mozilla/Tech/Places/Database information elsewhere], there is an
SQLite database in a file, '''places.sqlite''', that is used by Tor
Browser (and Mozilla Firefox) for storing information relating to
bookmarked sites and browsing history. In the case of the Tor Browser
Bundle under Xubuntu Linux, the location of this file is `tor-browser_en-
US/Browser/TorBrowser/Data/Browser/profile.default/places.sqlite`,
assuming the default root directory `tor-browser_en-US`.
With the command-line sqlite3 software, I examined the contents of the
places.sqlite file. For the moz_places table, there were a number of
entries, including sites that had been bookmarked but also an entry for
the openx.net URL that had shown up in the suggestions list.
{{{
sqlite> select
id,url,title,rev_host,visit_count,hidden,typed,frecency,datetime((moz_places.last_visit_date/1000000),
'unixepoch') from moz_places where url like "%openx.net%";
8|https://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-
92c5-0b3d1d4c9b7a||ten.xnepo.u-su.|1|1|0|-1|2017-06-27 21:59:47
}}}
According to the [https://digital-
forensics.sans.org/blog/2009/07/15/firefox-3-history schema for the
moz_places table] and the results of the above query, the primary key
index (`id`) for the openx.net URL is 8. The `hidden` field has a value of
1, indicating that the URL was one that was not navigated to directly by
the user (i.e. the URL was for content that was embedded in a page) and
the `typed` field has a value of 0, indicating that the URL was not typed
directly into the location bar.
In the moz_bookmarks table, which holds information about bookmarked
pages, there is (as expected) no entry for the openx.net URL:
{{{
sqlite> select * from moz_bookmarks where fk is 8;
sqlite>
}}}
According to [https://www.forensicmag.com/article/2013/04/mozilla-firefox-
forensics-part-4 this page], the `fk` column in the moz_bookmarks table
holds the primary key index for the moz_places entry that was bookmarked.
The moz_inputhistory table does not appear to contain any entries:
{{{
sqlite> select * from moz_inputhistory;
sqlite>
}}}
Notably, the moz_historyvists table does contain a single entry. This
entry corresponds to the openx.net URL.
{{{
sqlite> select id, from_visit, place_id,
datetime((moz_historyvisits.visit_date/1000000), 'unixepoch'), visit_type
from moz_historyvisits;
1|0|8|2017-06-27 21:59:47|5
}}}
In the results of the query, the `place_id` column has the value 8, which
corresponds to the primary key index for the openx.net URL. The
`visit_type` field has a value of 5, which indicates a permanent redirect,
according to
[https://davidkoepi.wordpress.com/2010/11/27/firefoxforensics/ this page].
As far as whether the openx.net URL has appeared elsewhere, a Web search
led to this [https://webcookies.org/cookies/kulr8.com/4013627 "Cookie and
Security Scan Report" for kurl8.com]. In the report, there is mention of a
similar URL, http://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-
92c5-0b3d1d4c9b7a&bi=1e76f9dc-b164-49ba-aef9-3f1a93d491e5.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22867>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs