Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #4764

Closed
Open
Opened Dec 22, 2011 by cypherpunks@cypherpunks

TorBrowser: add secure wiping to 'Clear Recent History' (ideally automatic, on shutdown)

High all,

I'm not sure if this is needed considering TorBrowser tries hard to not write to disk. That said, adding (transparent - background) automated single pass secure wiping for Clear Recent History, upon Aurora shutdown, shouldn't add much overhead [1] and may increase security(?).

It's a myth that one needs to use multiple passes for secure wiping of data, e.g., Gutmann method. Those multiple wiping algorithms weren't designed for today's filesystems, thus, one random pass is sufficient to defeat (most ... all?) forensic tools* [2][3].

There is a neat Firefox Add-on I use with Tor Browser, called "Secure Sanitize" [4]. However, it has limitations in terms of automation. Maybe some code from Secure Sanitize could be used in Tor Browser Button?

  • assuming the data was not swapped to paging file, etc.

[1] My computer is an Intel Pentium 4 - 2.80E GHz processor (2800.0 MHz) - with 512 MBytes RAM, running Windows XP SP3. And with ~80-90% of RAM being used by Tor Browser and other system apps (like Firefox streaming music from Pandora), using "Random Data (fast)" wiping algorithm (via the add-on Secure Sanitize) for Clear Recent History (clearing everything), takes only a few seconds.

[2] "Shred files and wipe disks" http://bleachbit.sourceforge.net/documentation/shred-files-wipe-disk

[3] I can provide additional references, incl. from academia, with respect to the issue of one (sound) pass vs multiple passes whilst wiping ('shredding') data.

[4] https://addons.mozilla.org/en-US/firefox/addon/secure-sanitizer/?src=api

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#4764