Big security flaw. Dingleberry downplayed it. Said there was a ticket for it, and requested assistance.



-------- Forwarded Message --------
Subject: [tor-talk] "recently-used.xbel" file in TBB directory, stores data on accessed, downloaded files
Date: Mon, 18 Sep 2017 13:34:49 -0500
From: Joe Btfsplk <joebtfsplk@[redacted]>
Reply-To: tor-talk@lists.torproject.org
To: tor-talk@lists.torproject.org


This involves *at least* Linux (Mint 18.1) Tor Browser 7.04 and 7.05, 
over at least a couple months.
This seems like a huge privacy / anonymity issue.

Why is there a *"recently-used.xbel"* file in my Tor Browser 
installation directory - in path shown and labeled as file TYPE: "XBEL 
bookmarks" recording ACTUAL local file names, dates, times - they were 
accessed AND some DOWNLOADED files (like *.pdf) with dates and times?
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.local/share/recently-used.xbel. 
*TBB is installed in home directory: ~/.torbrowser.*

For instance, listed is a downloaded *pdf file, about health issues* and 
many others.
All dates shown in THIS instance of recently-used.xbel seem to be in 
July and Aug, 2017, but I used the same TBB installation before and 
after the dates shown in recently-used.xbel .

In Linux, there's also a ~/.local/share/recently-used.xbel file - by 
default, but it is set as immutable, so nothing is written to it.

The TBB recently-used.xbel file even shows date and time I downloaded 
TBB 7.0.4, and a random 6 digit string added after the "visited" time, 
with "Z" at the end, such as (I removed actual times & 6 digit string):

<bookmark 
href="~/Downloads/security/tor/tbb7.0.4/tor-browser-linux64-7.0.4_en-US.tar.xz" 
added="2017-08-ddThh:mm:ssZ" modified="2017-08-ddThh:mm:ssZ" 
visited="2017-08-ddThh:mm:ss.123456Z">

Each file record shown in "recently-used.xbel" shows this:
<bookmark href="file:<path and name>" added="2017-mm-ddThh-mm-ssZ" 
modified="<time stamp>Z" visited="<time stamp>Z">
     <info>
       <metadata owner="http://freedesktop.org">
         <mime:mime-type type="application/<file type>"/>
         <bookmark:applications>
           <bookmark:application name="Firefox" exec="&apos;firefox %u&apos;" modified="<time stamp>Z" count="1"/>
         </bookmark:applications>
       </metadata>
     </info>
   </bookmark>

Also, there are files in the path below, with .bin or .toc extensions:
~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache/********************************/*******************************1af.bin 
(very long, random strings, I removed)
  ~/.torbrowser/torbrowser-7.0/tor-browser_en-US/Browser/.nv/GLCache//********************************/*******************************1af.toc

These .bin and .toc files seem ? related to my Nvidia GPU or drivers?  
Not sure what's in them.  The same type files are written to the ~/.nv 
folder, but I don't see why they're written to a Tor Browser folder.

I don't know the meaning of  "bookmark" in this context -  in the TBB 
recently-used.xbel file.
Tor Browser is supposed to delete / not store any data to disk after 
it's closed (or not write to disk at all).



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
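
Added example, not part of the forwarded message and not Tor Project code: a Python script that parses a recently-used.xbel file of the kind described above and lists what each record discloses (local path, timestamps, MIME type, recording application). The sample document, its path and its timestamps are constructed; elements are matched by local name, so the result does not depend on the namespace declarations assumed in the sample.

```python
import sys
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlparse

# Constructed sample in the layout quoted in the post; path and times are made up.
SAMPLE_XBEL = """<?xml version="1.0" encoding="UTF-8"?>
<xbel version="1.0"
 xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks"
 xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info">
 <bookmark href="file:///home/user/Downloads/health%20report.pdf"
  added="2017-08-01T10:00:00Z" modified="2017-08-01T10:00:00Z"
  visited="2017-08-01T10:00:00.123456Z">
  <info><metadata owner="http://freedesktop.org">
   <mime:mime-type type="application/pdf"/>
   <bookmark:applications>
    <bookmark:application name="Firefox" exec="&apos;firefox %u&apos;" count="1"/>
   </bookmark:applications>
  </metadata></info>
 </bookmark>
</xbel>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]

def parse_recently_used(xml_text):
    """Return one dict per <bookmark>: which file, when, and which app logged it."""
    records = []
    for bm in ET.fromstring(xml_text).iter():
        if local(bm.tag) != "bookmark":
            continue
        href = bm.get("href", "")
        url = urlparse(href)
        # file: URIs are percent-encoded; decode them to the on-disk path.
        path = unquote(url.path) if url.scheme == "file" else href
        records.append({
            "path": path,
            "added": bm.get("added"),
            "visited": bm.get("visited"),
            "mime": next((e.get("type") for e in bm.iter() if local(e.tag) == "mime-type"), None),
            "apps": [e.get("name") for e in bm.iter() if local(e.tag) == "application"],
        })
    return records

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_XBEL
    for rec in parse_recently_used(text):
        print(rec["visited"], rec["mime"], rec["apps"], rec["path"])
```

Run it with the path to a recently-used.xbel file as the only argument; with no argument it parses the constructed sample.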