Big security flaw. Dingleberry downplayed it. Said there was a ticket for it, and requested assistance. -------- Forwarded Message -------- Subject: [tor-talk] "recently-used.xbel" file in TBB directory, stores data on accessed, downloaded files Date: Mon, 18 Sep 2017 13:34:49 -0500 From: Joe Btfsplk <joebtfsplk@[redacted]> Reply-To: tor-talk@lists.torproject.org To: tor-talk@lists.torproject.org This involves *at least* Linux (Mint 18.1) Tor Browser 7.04 and 7.05, over at least a couple months. This seems like a huge privacy / anonymity issue. Why is there a *"recently-used.xbel"*, file in my Tor Browser installation directory - in path shown and labeled as file TYPE: "XBEL bookmarks" recording ACTUAL local file names, dates, times - they were accessed AND some DOWNLOADED files (like *.pdf) with dates and times? ~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.local/share/recently-used.xbel. *TBB is installed in home directory: ~/.torbrowser.* For instance, Listed is a downloaded *pdf file, about health issues* and many others. All dates shown in THIS instance of recently-used.xbel seem to be in July and Aug, 2017, but I used the same TBB installation before and after the dates shown in recently-used.xbel . In Linux, there's also a ~/.local/share/recently-used.xbel file - by default, but it is set asimmutable, so nothing written to it. The TBB recently-used.xbel file even shows date and time I downloaded TBB 7.0.4, and a random 6 digit string added after the "visited" time, with 'Z" at the end, such as (I removed actual times & 6 digit string: <bookmark href="~/Downloads/security/tor/tbb7.0.4/tor-browser-linux64-7.0.4_en-US.tar.xz" added="2017-08-ddThh:mm:ssZ" modified="2017-08-ddThh:mm:ssZ" visited="2017-08-ddThh:mm:ss.123456Z"> Each file record shown in "recently-used.xbel" show this: <bookmark href="file:<path and name> added="2017-mm-ddThh-mm-ssZ" modified="<time stamp>Z" visited="<time stamp>Z"> <info> <metadata owner="http://freedesktop.org"> <mime:mime-type type="application/<file type>"/> <bookmark:applications> <bookmark:application name="Firefox" exec="'firefox %u'" modified="<time stamp>Z" count="1"/> </bookmark:applications> </metadata> </info> </bookmark> Also, are files in the path below, with .bin or .toc extensions: ~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache/********************************/*******************************1af.bin (very long, random strings, I removed) ~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache//********************************/*******************************1af.toc These .bin and .toc files seem ? related to my Nvidia GPU or drivers? Not sure what's in them. The same type files are written to the ~/.nv folder, but I don't see why they're written to a Tor Browser folder. I don't know the meaning of "bookmark" in this context - in the TBB recently-used.xbel file. Tor Browser is supposed to delete / not store any data to disk after it's closed (or not write to disk at all). -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk