Big security flaw. Dingleberry downplayed it. Said there was a ticket
   for it, and requested assistance.
   -------- Forwarded Message --------
    Subject: [tor-talk] "recently-used.xbel" file in TBB directory, stores
             data on accessed, downloaded files
       Date: Mon, 18 Sep 2017 13:34:49 -0500
       From: Joe Btfsplk <joebtfsplk@[redacted]>
   Reply-To: [1]tor-talk@lists.torproject.org
         To: [2]tor-talk@lists.torproject.org
This involves *at least* Linux (Mint 18.1) Tor Browser 7.04 and 7.05,
over at least a couple months.
This seems like a huge privacy / anonymity issue.

Why is there a *"recently-used.xbel"*, file in my Tor Browser
installation directory - in path shown and  labeled as file TYPE: "XBEL
bookmarks" recording ACTUAL local file names, dates, times - they were
accessed AND some DOWNLOADED files (like *.pdf) with dates and times?
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.local/share/recently-use
d.xbel.
*TBB is installed in home directory: ~/.torbrowser.*

For instance, Listed is a downloaded *pdf file, about health issues* and
many others.
All dates shown in THIS instance of recently-used.xbel seem to be in
July and Aug, 2017, but I used the same TBB installation before and
after the dates shown in recently-used.xbel .

In Linux, there's also a ~/.local/share/recently-used.xbel file - by
default, but it is set asimmutable, so nothing written to it.

The TBB recently-used.xbel file even shows date and time I downloaded
TBB 7.0.4, and a random 6 digit string added after the "visited" time,
with 'Z" at the end, such as (I removed actual times & 6 digit string:

<bookmark
href="~/Downloads/security/tor/tbb7.0.4/tor-browser-linux64-7.0.4_en-US.tar.xz"
added="2017-08-ddThh:mm:ssZ" modified="2017-08-ddThh:mm:ssZ"
visited="2017-08-ddThh:mm:ss.123456Z">

Each file record shown in "recently-used.xbel" show this:
<bookmark href="file:<path and name> added="2017-mm-ddThh-mm-ssZ"
modified="<time stamp>Z" visited="<time stamp>Z">
     <info>
       <metadata owner=[3]"http://freedesktop.org">
         <mime:mime-type type="application/<file type>"/>
         <bookmark:applications>
           <bookmark:application name="Firefox" exec="&apos;firefox
%u&apos;" modified="<time stamp>Z" count="1"/>
         </bookmark:applications>
       </metadata>
     </info>
   </bookmark>

Also, are files in the  path  below, with .bin or .toc extensions:
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache/*************
*******************/*******************************1af.bin
(very long, random strings, I removed)
  ~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache//**********
**********************/*******************************1af.toc

These .bin and .toc files seem ? related to my Nvidia GPU or drivers?
Not sure what's in them.  The same type files are written to the ~/.nv
folder, but I don't see why they're written to a Tor Browser folder.

I don't know the meaning of  "bookmark" in this context -  in the TBB
recently-used.xbel file.
Tor Browser is supposed to delete / not store any data to disk after
it's closed (or not write to disk at all).



--
tor-talk mailing list - [4]tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
[5]https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References

   1. mailto:tor-talk@lists.torproject.org
   2. mailto:tor-talk@lists.torproject.org
   3. http://freedesktop.org/
   4. mailto:tor-talk@lists.torproject.org
   5. https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk