
Re: [tor-talk] observation: Browser bundle & secure files deletion



On 10/4/2011 4:38 PM, Robert Ransom wrote:
> On 2011-10-04, Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:
>> I've thought about TBB & it insecurely deleting files such as cache when
>> closing TBB Firefox.  I assume this is what happens - I've investigated
>> - a BIT - & seems that's what it does.
> If you have evidence that TBB-Firefox stores sensitive information to
> disk without a user asking it to, please file a bug report.  One of
> the main design goals of Torbutton was to prevent Firefox from ever
> writing sensitive information to disk (unless a user has specifically
> asked it to, e.g. by changing Torbutton's configuration or adding a
> bookmark to Firefox).  See section 1.2 of
> https://www.torproject.org/torbutton/design/ .

>> *Is this correct?*
> I can't tell because you didn't tell us what files you think
> TBB-Firefox writes which contain sensitive information.

>> If true, there's no opportunity to securely wipe the files, rather than
>> them being insecurely deleted - unless I'm mistaken.  AFAIK, Tor has no
>> secure wiping capability built in.
> Neither Tor nor TBB attempts to securely erase files, because most
> filesystems in use on most operating systems (and many modern storage
> devices) make securely erasing files infeasible.

Robert, your points are well taken [repeatedly :) ]. You overlooked some possibilities or I wasn't clear. *One* example: Using TBB, if no sites one wants to visit require cookies to operate correctly - or at all, that's fine. But lots of sites won't work correctly w/o cookies. The assumption is perhaps cookies from sites that might get someone in trouble, but is just as important to some users simply for privacy / anonymity. If cookies must be allowed - even if only for a site - w/ default settings of "NOT to clear history when Aurora closes," in Aurora, then deleting those cookies - either thru Aurora "delete history" settings / UI or manually deleting the cookies file in the profile, won't securely delete them.

You're assuming users will never have to change (any) default setting in TBB to make sites *work.* If that were true, things would be much simpler. I agree, using default settings is best, if possible. Another assumption seems that all machines have enough RAM & CPU speed / power, to navigate / access some sites using Tor / TBB, and it not be excruciatingly slow (or impossible), w/o using cache. Not everyone in the U.S., much less Iraq / Iran can afford a newer, faster machine. It would be better if TBB users don't allow caching. For older, slower machines, streaming political videos would be difficult w/o caching. If they just "clear cache," it will be insecurely deleted. Maybe they could d/l the file, but if they want to securely del it after (that doesn't concern TBB, per se), they need to use secure wiping.

I'm assuming the comment about infeasibility of securely erasing files on modern OSs, is based partly on 1) TBB being on same partition as the OS; 2) volume shadow service (Win) or similar is in use on the partition where TBB is running or files being stored (if any are). Many users have only 1 partition - many don't.

I haven't read that securely wiping *files or free space* on ANY partitions (meaning, none) can ever be effective, IF simple precautions are taken & simple instructions are followed (esp. ones not involving the OS partition). If you know of credible documentation that under NO circumstances, can data be securely & permanently deleted from any location on machines, I truly want to read it, because it will change some of my practices. Like for certain financial files, medical records, letters to doctors, etc.

I think ? what you mentioned is one reason not to install TBB (or any other apps or store files) on OS partition, if want to securely & permanently del info. Another option is to run apps in sandboxed environment. That's why I don't store my vanilla Firefox profiles on C:\ w/ Windows. Otherwise, if VSS is enabled, private data gets stored in it.