Big security flaw. Dingleberry downplayed it. Said there was a ticket
for it, and requested assistance.
-------- Forwarded Message --------
Subject: [tor-talk] "recently-used.xbel" file in TBB directory, stores
data on accessed, downloaded files
Date: Mon, 18 Sep 2017 13:34:49 -0500
From: Joe Btfsplk
Reply-To: tor-talk@lists.torproject.org
To: tor-talk@lists.torproject.org
This involves *at least* Linux (Mint 18.1) Tor Browser 7.04 and 7.05,
over at least a couple months.
This seems like a huge privacy / anonymity issue.
Why is there a *"recently-used.xbel"*, file in my Tor Browser
installation directory - in path shown and labeled as file TYPE: "XBEL
bookmarks" recording ACTUAL local file names, dates, times - they were
accessed AND some DOWNLOADED files (like *.pdf) with dates and times?
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.local/share/recently-used.xbel.
*TBB is installed in home directory: ~/.torbrowser.*
For instance, Listed is a downloaded *pdf file, about health issues* and
many others.
All dates shown in THIS instance of recently-used.xbel seem to be in
July and Aug, 2017, but I used the same TBB installation before and
after the dates shown in recently-used.xbel .
In Linux, there's also a ~/.local/share/recently-used.xbel file - by
default, but it is set asimmutable, so nothing written to it.
The TBB recently-used.xbel file even shows date and time I downloaded
TBB 7.0.4, and a random 6 digit string added after the "visited" time,
with 'Z" at the end, such as (I removed actual times & 6 digit string:
<bookmark
href="~/Downloads/security/tor/tbb7.0.4/tor-browser-linux64-7.0.4_en-US.tar.xz"
added="2017-08-ddThh:mm:ssZ" modified="2017-08-ddThh:mm:ssZ"
visited="2017-08-ddThh:mm:ss.123456Z">
Each file record shown in "recently-used.xbel" show this:
<info>
<metadata owner="http://freedesktop.org">
bookmark:applications
</metadata>
</info>
</bookmark>
Also, are files in the path below, with .bin or .toc extensions:
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache/********************************/*******************************1af.bin
(very long, random strings, I removed)
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache//********************************/*******************************1af.toc
These .bin and .toc files seem ? related to my Nvidia GPU or drivers?
Not sure what's in them. The same type files are written to the ~/.nv
folder, but I don't see why they're written to a Tor Browser folder.
I don't know the meaning of "bookmark" in this context - in the TBB
recently-used.xbel file.
Tor Browser is supposed to delete / not store any data to disk after
it's closed (or not write to disk at all).
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
