Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2023-11-01T12:45:57Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25633Ctrl-D makes it too easy to create bookmarks accidentally2023-11-01T12:45:57ZcypherpunksCtrl-D makes it too easy to create bookmarks accidentallyIt used to be the case that pressing Ctrl-D would pop up a dialog box prompting you to create a bookmark (or cancel.)
A few releases ago, Firefox changed this behavior. Now, Ctrl-D creates a bookmark, then pops up a dialog prompting yo...It used to be the case that pressing Ctrl-D would pop up a dialog box prompting you to create a bookmark (or cancel.)
A few releases ago, Firefox changed this behavior. Now, Ctrl-D creates a bookmark, then pops up a dialog prompting you to edit the bookmark (or delete it.)
This is a subtle distinction, but potentially an important one, for two reasons.
**1. Pressing Escape after Ctrl-D doesn't undo the bookmarking operation as you might expect.** It's very easy to press Ctrl-D by mistake when you mean to press, say, Ctrl-F. If you've just pressed a key you didn't intend to press, without knowing what it does, and an unexpected dialog appears in your peripheral vision, it's natural to react by pressing Escape ("oops, didn't mean that.") And if you do that, and the dialog disappears in response, it's quite natural to assume that you successfully cancelled whatever action it was that you inadvertently initiated.
**2. Pressing Ctrl-D immediately saves the current URL to disk** (namely, in places.sqlite), without any further confirmation. Even if you are paying attention, a simple slip of the finger can potentially create a persistent record of your browsing activity. (Even if you delete the bookmark immediately, it won't be purged from places.sqlite right away.)
This UI change was a bad idea, but in "normal" Firefox usage, it's usually only a minor annoyance - I end up with a bunch of random accidental bookmarks at the bottom of the menu that I need to clean out every couple of months. But in the Tor Browser context, it's potentially quite dangerous, as it violates the disk avoidance principle.
Saving bookmarks without the user's consent may or may not have any practical impact in most cases. But it can have a major impact on users' confidence in the browser. For that reason, Tor Browser can and should do better.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/25064Don't record update history on the Tor Browser2023-06-28T08:16:00ZcypherpunksDon't record update history on the Tor Browser1. Open "about:support".
2. Click "Show update history".
My TBB shows long history.
Can you stop logging these(and clear existing history)?
The date/time information is useful to track Tor users.1. Open "about:support".
2. Click "Show update history".
My TBB shows long history.
Can you stop logging these(and clear existing history)?
The date/time information is useful to track Tor users.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/23664Deal with UUID for content sandbox temp folder on Windows and Mac2024-01-05T16:08:12ZGeorg KoppenDeal with UUID for content sandbox temp folder on Windows and Maccomment:56:ticket:16010 mentioned:
```
Very important side issue is that the sandboxing feature adds `security.sandbox.content.tempDirSuffix` pref which is a 128-bit GUID that allows to uniquely identify your copy of Tor Browser. It is p...comment:56:ticket:16010 mentioned:
```
Very important side issue is that the sandboxing feature adds `security.sandbox.content.tempDirSuffix` pref which is a 128-bit GUID that allows to uniquely identify your copy of Tor Browser. It is persistent and leaves unique traces on every machine you use in system %TEMP% folder.
```
We should find a good way dealing with that. Maybe a first start is to set the pref, so that every Windows user has the same sandbox temp dir name.Sponsor 131 - Phase 5 - Ongoing Maintenancehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22867Some URLs are saved in the Tor Browser places.sqlite database as part of the ...2023-01-05T16:41:48ZcypherpunksSome URLs are saved in the Tor Browser places.sqlite database as part of the browsing historyThe situation that I am describing may or may not be due to an error in the Tor Browser software ("defect" may not be the best category), but it seems somewhat anomalous and may be worth noting and may be of interest to others.
In summa...The situation that I am describing may or may not be due to an error in the Tor Browser software ("defect" may not be the best category), but it seems somewhat anomalous and may be worth noting and may be of interest to others.
In summary, from what I can tell, an instance of the URL https://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-92c5-0b3d1d4c9b7a (which may well have been embedded in a different page) ended up in Tor Browser's [places.sqlite database](http://kb.mozillazine.org/Places.sqlite) as if it was saved as part of the user's browsing history. This on-disk database is used to store such information as bookmarks, browsing history, favicons, and annotations, among other things. At the same time, from what I understand, Tor Browser is preconfigured to not save any browsing history to the disk, and I do not remember reconfiguring Tor Browser with the purpose of changing this aspect.
The software configuration in question was a recent version of the Tor Browser Bundle (most likely 7.0.2) 32-bit running under Xubuntu Linux 16.04. I do not remember installing any additional extensions into Tor Browser.
When entering text in the address bar, Tor Browser displayed a list of suggestions underneath the address bar. This would be expected. In addition to pages that had been bookmarked, however, the list of suggestions also included the URL https://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-92c5-0b3d1d4c9b7a. This URL was not among the pages that I had bookmarked in the browser. In addition, from what I remember, the inclusion of the openx.net URL in the suggestions list happened when text was entered into the address bar immediately after Tor Browser had been launched.
From [information elsewhere](https://developer.mozilla.org/en-US/docs/Mozilla/Tech/Places/Database), there is an SQLite database in a file, **places.sqlite**, that is used by Tor Browser (and Mozilla Firefox) for storing information relating to bookmarked sites and browsing history. In the case of the Tor Browser Bundle under Xubuntu Linux, the location of this file is `tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/places.sqlite`, assuming the default root directory `tor-browser_en-US`.
With the command-line sqlite3 software, I examined the contents of the places.sqlite file. For the moz_places table, there were a number of entries, including sites that had been bookmarked but also an entry for the openx.net URL that had shown up in the suggestions list.
```
sqlite> select id,url,title,rev_host,visit_count,hidden,typed,frecency,datetime((moz_places.last_visit_date/1000000), 'unixepoch') from moz_places where url like "%openx.net%";
8|https://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-92c5-0b3d1d4c9b7a||ten.xnepo.u-su.|1|1|0|-1|2017-06-27 21:59:47
```
According to the [schema for the moz_places table](https://digital-forensics.sans.org/blog/2009/07/15/firefox-3-history) and the results of the above query, the primary key index (`id`) for the openx.net URL is 8. The `hidden` field has a value of 1, indicating that the URL was one that was not navigated to directly by the user (i.e. the URL was for content that was embedded in a page) and the `typed` field has a value of 0, indicating that the URL was not typed directly into the location bar.
In the moz_bookmarks table, which holds information about bookmarked pages, there is (as expected) no entry for the openx.net URL:
```
sqlite> select * from moz_bookmarks where fk is 8;
sqlite>
```
According to [this page](https://www.forensicmag.com/article/2013/04/mozilla-firefox-forensics-part-4), the `fk` column in the moz_bookmarks table holds the primary key index for the moz_places entry that was bookmarked.
The moz_inputhistory table does not appear to contain any entries:
```
sqlite> select * from moz_inputhistory;
sqlite>
```
Notably, the moz_historyvists table does contain a single entry. This entry corresponds to the openx.net URL.
```
sqlite> select id, from_visit, place_id, datetime((moz_historyvisits.visit_date/1000000), 'unixepoch'), visit_type from moz_historyvisits;
1|0|8|2017-06-27 21:59:47|5
```
In the results of the query, the `place_id` column has the value 8, which corresponds to the primary key index for the openx.net URL. The `visit_type` field has a value of 5, which indicates a permanent redirect, according to [this page](https://davidkoepi.wordpress.com/2010/11/27/firefoxforensics/).
As far as whether the openx.net URL has appeared elsewhere, a Web search led to this ["Cookie and Security Scan Report" for kurl8.com](https://webcookies.org/cookies/kulr8.com/4013627). In the report, there is mention of a similar URL, http://us-u.openx.net/w/1.0/pd?plm=10&ph=e26121be-304d-460c-92c5-0b3d1d4c9b7a&bi=1e76f9dc-b164-49ba-aef9-3f1a93d491e5.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/22642TorBrowser 7.x Mac - Disable kMDItemWhereFroms extended attributes at least i...2022-11-29T14:13:04ZcypherpunksTorBrowser 7.x Mac - Disable kMDItemWhereFroms extended attributes at least in Private Browsing ModeIn late 2016, Mozilla developers implemented kMDItemWhereFroms extended attribute metadata on macOS to behave more like Safari (however Safari, rather surprisingly for Apple, doesn't write xattrs in private browsing).
When files are do...In late 2016, Mozilla developers implemented kMDItemWhereFroms extended attribute metadata on macOS to behave more like Safari (however Safari, rather surprisingly for Apple, doesn't write xattrs in private browsing).
When files are downloaded, Firefox (v51+) writes the URL of downloaded files to a kMDItemWhereFroms entry in the file's extended attribute, even in Private Browsing mode. This metadata can be viewed using "xattr -l <file>" and removed using "xattr -rc <file>", but on later versions of 10.12 this metadata is usually also written to ~Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2
I plan to file a bug on bugzilla and ask the devs who implemented it whether they could add an about:config pref or disable the functionality in private browsing, but in case they don't respond, I thought I'd file a ticket here too since TorBrowser is now on v52ESR.
Here's the bugzilla bug where the developers originally implemented the kMDItemWhereFroms functionality.
https://bugzilla.mozilla.org/show_bug.cgi?id=337051https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20339tor-browser mozilla_user0 directory often appear in /tmp2024-03-15T16:04:30ZTractor-browser mozilla_user0 directory often appear in /tmptor-browser-linux64-6.0.5_en-US
sometimes a this directory appear: /tmp/mozilla_user0
Modification time is updated every now and then.
I think is used to store temporary data ( user data ? ).
That doesn't happen often.
For example it h...tor-browser-linux64-6.0.5_en-US
sometimes a this directory appear: /tmp/mozilla_user0
Modification time is updated every now and then.
I think is used to store temporary data ( user data ? ).
That doesn't happen often.
For example it happen sometimes watching youtube ( maybe some advertisement or script ?) and when a download is finished to save to disk in mega, the site.
This happen when I run Tor Browser.
It happen every now and then, frequently.
My privacy settings are at default ( low ).
If I delete that directory, sometimes it is recreated.
If I close Tor-Browser, the directory stay there.
Which conditions let the directory mozilla_user0 appear in /tmp ?
What about linux x86 (32bit), Windows and macOS versions ?
That could be privacy related or worse?
Happy to contribute
**Trac**:
**Username**: anonhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20329Prevent add-ons updates from being written to the OS temporary directory2023-01-05T17:04:06ZbugzillaPrevent add-ons updates from being written to the OS temporary directoryExample:
```
1475974982800 addons.xpi DEBUG Download started for https://www.eff.org/files/https-everywhere-5.2.5-eff.xpi to file C:\Users\%USERNAME%\AppData\Local\Temp\tmp-v8h.xpi
```Example:
```
1475974982800 addons.xpi DEBUG Download started for https://www.eff.org/files/https-everywhere-5.2.5-eff.xpi to file C:\Users\%USERNAME%\AppData\Local\Temp\tmp-v8h.xpi
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18587"Download an external file type" doesn't work as expected2023-01-05T17:01:28Zcypherpunks"Download an external file type" doesn't work as expectedI clicked a pdf file in hardened tor browser (a6--I don't see it in "versions") and got a popup warning of the dangers of downloaded files. OK. I clicked "Automatically download files from now on" and "download" and the very next screen ...I clicked a pdf file in hardened tor browser (a6--I don't see it in "versions") and got a popup warning of the dangers of downloaded files. OK. I clicked "Automatically download files from now on" and "download" and the very next screen asked me whether to open or download. I already told it to always download! And that's what I want, and I can click another "always" button there to fix it for pdfs, but now I have to do that for every file type I see (the preferences have no way to set download as default). Worse, "open" is the default and I consider that dangerous.
Either the text needs to be changed to match the real behavior (in that case please add some option to bypass the open/download dailog) or the "always download" box should do what it says. In any case I don't think "open" should be the default on the next screen.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18166TBB continuously updates its Custom Destinations file on Win72022-07-12T21:06:29ZbugzillaTBB continuously updates its Custom Destinations file on Win7TBB continuously updates its Custom Destinations (def.: https://blogs.microsoft.co.il/sasha/2009/02/24/windows-7-taskbar-custom-destinations/) file (in **%appdata%\Microsoft\Windows\Recent**) on Win7.
Example: https://chromium-build-logs...TBB continuously updates its Custom Destinations (def.: https://blogs.microsoft.co.il/sasha/2009/02/24/windows-7-taskbar-custom-destinations/) file (in **%appdata%\Microsoft\Windows\Recent**) on Win7.
Example: https://chromium-build-logs.appspot.com/viewlog/raw/AMIfv94tusHalcqStZPT2jxqjdP-9rOkCcqjhLf2xB1BZab1hYhBql2FfdQI6I-CItcqXjQ5xWu23OF5KODrhcUxEKW35Bv_riDt1L_YIboliQjkrH98p6cwGg8bRd6VQvqrHG9M6yk-LNQVA24NrtaJAisGjKCTcLmS8oQ3cHXtYpBlUGMOykshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18101IP leak from Windows/macOS UI dialog with URI2024-01-09T14:37:48ZTracIP leak from Windows/macOS UI dialog with URIIt is possible for the client IP to leak from the browser and onto the network via the Windows API when prompted with Windows dialog box to select files.
Not entirely sure if this is a bug, but should at least be documented.
Steps to r...It is possible for the client IP to leak from the browser and onto the network via the Windows API when prompted with Windows dialog box to select files.
Not entirely sure if this is a bug, but should at least be documented.
Steps to reproduce:
1. Visit a website that provides an upload box.
2. Instead of selecting a file, paste a URI as a file name.
3. The IP is leaked.
This may potentially work with Ctrl+O (Open File) and Ctrl+S (Save Page As).
Tested on Windows 7 and verified with Wireshark.
**Trac**:
**Username**: uileakhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/17596risk/benefit of 'startupCache' suggest eliminating it2023-01-05T16:58:12Zstarlightrisk/benefit of 'startupCache' suggest eliminating itMy natural aversion to any file with a name containing "cache" has cause me to script the removal of 'startupCache.8.little' every time Tor Browser starts. So far I detect no loss of functionality, and the elimination of a potential vec...My natural aversion to any file with a name containing "cache" has cause me to script the removal of 'startupCache.8.little' every time Tor Browser starts. So far I detect no loss of functionality, and the elimination of a potential vector for malware persistence causes me to feel slightly safer. Whatever miniscule improvement in start time that might result from this file pales in comparison to the potential risk it presents.
Perhaps it should be eliminated from standard TBB Firefox?
TBB 5.0.4https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/8916Windows Prefetch records the Tor Browser Bundle2022-11-29T13:45:46ZRuna SandvikWindows Prefetch records the Tor Browser BundleA forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that the Windows Prefetcher keeps records of the different Tor Browser Bundle applications:
* C:\Windows\Prefetch\START TOR BROWSER.EXE-F5557F...A forensic analysis of the Tor Browser Bundle (version 2.3.25-6, 64-bit) on Windows 7 showed that the Windows Prefetcher keeps records of the different Tor Browser Bundle applications:
* C:\Windows\Prefetch\START TOR BROWSER.EXE-F5557FAC.pf
* C:\Windows\Prefetch\TBB-FIREFOX.EXE-350502C5.pf
* C:\Windows\Prefetch\TOR-BROWSER-2.3.25-6\_EN-US.EX-1354A499.pf
* C:\Windows\Prefetch\TOR.EXE-D7159D93.pf
* C:\Windows\Prefetch\VIDALIA.EXE-5167E0BC.pf
The following cache files are most likely similar to prefetch files and might contain traces of the Tor Browser Bundle:
* C:\Users\runa\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
* C:\Users\runa\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000006.db
* C:\Windows\AppCompat\Programs\RecentFileCache.bcfhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/7449TorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various ...2024-03-15T16:04:30ZTracTorBrowser creates temp files in Linux /tmp & Windows %temp% and OSX(various places) during the file downloads dialog & when using internal browser video player 1. Open a webpage with downloadable links (http://arxiv.org/abs/1207.5216 for example).
2. Select file to download (pdf for example: http://arxiv.org/pdf/1207.5216v2).
3. See the dialog: `External application is needed to handle`... 1. Open a webpage with downloadable links (http://arxiv.org/abs/1207.5216 for example).
2. Select file to download (pdf for example: http://arxiv.org/pdf/1207.5216v2).
3. See the dialog: `External application is needed to handle` with two buttons: `launch` and `cancel`.
4. Only launch is available to start download. Select it.
5. Second dialog asks to open with `/usr/bin/xpdf (default)` or `Save`.
6. Don't press `Save` immediately. See in a terminal random name of file, sometimes with a part of contents:
{{{
ls -la /tmp
$ file /tmp/oeXvw4D+.pdf.part
/tmp/oeXvw4D+.pdf.part: PDF document, version 1.5
}}}
Tbb ignored `tor-browser_en-US/tmp` and use system /tmp
7. After pressing `Save` file removed from /tmp.
This behaviour potentially affects users local anonimity with unencrypted and non-attached to memory system /tmp dirs; and affects users with portable TorBrowser versions. Partially downloaded files will saved in /tmp in the cases of TBB crushes or not completely erased. Will be preferably to isolate TorBrowser activity in user local catalogs only.
**Trac**:
**Username**: unknownhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/4763TorBrowser remembers location of last locally-opened file: "File > Open File ...2022-11-30T16:45:12ZcypherpunksTorBrowser remembers location of last locally-opened file: "File > Open File ..."This seems like less-than-ideal behavior.
Ex., TBB is used as the local Tor, Vidalia and browser by Alice, on her computer. However, Bob also has access to Alice's computer because they live together. Alice was looking at a local file ...This seems like less-than-ideal behavior.
Ex., TBB is used as the local Tor, Vidalia and browser by Alice, on her computer. However, Bob also has access to Alice's computer because they live together. Alice was looking at a local file she doesn't want Bob to see, but Bob does see the file when he too uses TBB as the local Tor, Vidalia and browser. Of course, Bob found the local file by mistake when he was trying to open a different local file.