Tor Browser issueshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues2024-03-27T17:15:28Zhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42375newwin: New Identity creates a non-rounded (taller) window, triggering letter...2024-03-27T17:15:28Zma1newwin: New Identity creates a non-rounded (taller) window, triggering letterboxingFrom [this comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41917#note_2985396) of @ruihildt's , I could reproduce on 13.0.8:
"Noticed this weird behavior: when you click on "New Identity", the re-spawn windo...From [this comment](https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41917#note_2985396) of @ruihildt's , I could reproduce on 13.0.8:
"Noticed this weird behavior: when you click on "New Identity", the re-spawn window is using a size that is vertically a few pixels higher than the default size.
This makes the letterboxing apparent in a weird way."
<details><summary>Show screenshot</summary>
![image](/uploads/76e6be07379a5745a375d92103999c30/image.png)
</details>ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42244New Identity refused2023-11-06T23:32:51ZguenterNew Identity refusedclicking on 'New Identity' results in an error message like this (I
replaced German Anwendung by Application)
-->-a-<--
JavaScript Application
New Identity unexpected error: SyntaxError: JSON.parse: expected
double-quoted proper...clicking on 'New Identity' results in an error message like this (I
replaced German Anwendung by Application)
-->-a-<--
JavaScript Application
New Identity unexpected error: SyntaxError: JSON.parse: expected
double-quoted property name at line 5 column 3 of the JSON data
++<-o-++
The browser seems not to be restarted.
OS-Info: Windows 10 Pro (German locale)
Version 22H2
Build 19045.3636
Tor Browser 13.0.1
Maybe this is an operating system related issue, because on debian 11.8 platform a new identity is created and the browser is restarted.guenterguenterhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/42182Default Search Engine Does Not Persist Through Shift to New Identity2023-10-20T16:25:27ZCCRhodeDefault Search Engine Does Not Persist Through Shift to New Identity<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Default Search Engine Does Not Persist Through Shift to New Identity**
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1....<!--
* Use this issue template for reporting a new bug.
-->
### Summary
**Default Search Engine Does Not Persist Through Shift to New Identity**
### Steps to reproduce:
**How one can reproduce the issue - this is very important.**
1. Install tor-browser-linux-x86_64-13.0.tar.xz
2. Start ./start-tor-browser.desktop
3. Hamburger > Settings > Search > Find More Search Engines
4. From https://addons.mozilla.org/en-US/firefox/extensions/category/search-tools/ search for brave
5. Install "Brave Search" by Dusan Uveric
6. Hamburger > Settings > Search > Default Search Engine > Brave
7. Hamburger > Quit
8. Start ./start-tor-browser.desktop
9. Hamburger > Settings > Search
10. Note that Default Search Engine is set to "Brave"
11. Hamburger > New Identity
12. Hamburger > Settings > Search
13. Note that Default Search Engine has been reset to DDG
### What is the current bug behavior?
**Shifting to New Identity resets the Default Search Engine.**
### What is the expected behavior?
**The Default Search Engine setting ought to be preserved through a shift to New Identity.**
### Environment
**Linux version 5.10.0-26-amd64 (debian-kernel@lists.debian.org) (gcc-10 (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2) #1 SMP Debian 5.10.197-1 (2023-09-29)**
**TBB was installed from *tar* archive.**
### Relevant logs and/or screenshotsma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41765TTP-02-006 WP1: Information leaks via custom homepage (Low)2023-11-07T17:38:54ZrichardTTP-02-006 WP1: Information leaks via custom homepage (Low)>>>
## Description
It was discovered that setting a custom homepage can lead to information leaks under specific circumstances, specifically when malicious approaches are combined with using the **Reset your Identity** feature. Specifica...>>>
## Description
It was discovered that setting a custom homepage can lead to information leaks under specific circumstances, specifically when malicious approaches are combined with using the **Reset your Identity** feature. Specifically, when a user has their custom homepage opened in a browser tab and then decides to use the **Reset their identity** feature, the homepage will automatically open again after the browser restarts with the **new identity**. If the custom homepage is malicious, it could track the moment the user left the page and infer that the new user who shortly accessed their page is the same as the previous user.
Furthermore, a malicious webpage could use the `onbeforeunload` function to determine with confidence whether the user initiated an identity reset. If the user tried to close the browser or navigate away, the `onbeforeunload` dialog would be displayed and block further actions, giving enough time for the script to ping the server. In contrast, if the user chose to reset their identity, the browser would be automatically closed, and no ping would be sent. The PoC below demonstrates how the above sequence could be achieved. Additional steps to track when the user left and rejoined the page would have to be added to properly infer the user's new identity.
## PoC:
```html
<script>
let exit;
onbeforeunload = () => { exit = true; return ""; }
let timer = setInterval (()=>{
if (exit) {
let img = new Image();
img.src = "/exited";
clearInterval (timer) ;
timer = false;
}
}, 1);
</script>
```
## Steps to reproduce:
1. Open the Tor Browser and connect to it.
2. Save the PoC above as an HTML file and open it on the Tor Browser.
3. Observe a request made to /exited if the user tried to close the browser or navigate away from the tab. See that the data will be handled differently if the user tries to reset their identity.
To mitigate this issue, Cure53 advises removing the ability to set custom homepages from the options available to users. Alternatively, the custom homepage should not be opened automatically upon usage of the Reset your Identity feature.
>>>ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41516100 pixels is letterboxed from the bottom of the window after clicking "New I...2023-08-22T20:56:51ZGhost User100 pixels is letterboxed from the bottom of the window after clicking "New Identity"### Environment
I'm using Windows 11 22H2 with 200% scaling on a 4K monitor.
### Steps to reproduce:
1. Freshly open Tor Browser
2. Visit a website and there will be no letterboxing and the browser size will be 1000x900.
3. Press the Ne...### Environment
I'm using Windows 11 22H2 with 200% scaling on a 4K monitor.
### Steps to reproduce:
1. Freshly open Tor Browser
2. Visit a website and there will be no letterboxing and the browser size will be 1000x900.
3. Press the New Identity button.
4. Visit a website and the window will look to be the same size as before but 100 "browser pixels" will be letterboxed from the bottom.
### What is the current bug behavior?
The full amount of the default browser window size is not used after pressing New Identity and is letterboxed.
### What is the expected behavior?
The default browser window size after pressing New Identity should be big enough that there is no letterboxing.ma1ma1https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41154Review Mozilla 1765167: Deprecate Cu.import2022-10-18T12:23:25ZrichardReview Mozilla 1765167: Deprecate Cu.import## https://bugzilla.mozilla.org/show_bug.cgi?id=1765167
I suspect you've already discovered this, but fyi for the tor-laucher and torbutton migration/refactors
cc @ma1## https://bugzilla.mozilla.org/show_bug.cgi?id=1765167
I suspect you've already discovered this, but fyi for the tor-laucher and torbutton migration/refactors
cc @ma1Sponsor 131 - Phase 3 - Major ESR 102 MigrationPier Angelo VendramePier Angelo Vendramehttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/41105Tor Browser Does Not Clear CORS Preflight Cache despite creating a “New Ident...2022-11-29T15:41:35ZrichardTor Browser Does Not Clear CORS Preflight Cache despite creating a “New Identity”via hackerone:
- Title: Tor Does Not Clear CORS Preflight Cache despite creating a “New Identity”
- Scope: Tor Browser
- Weakness: Information Disclosure
- Severity: Medium (4.3)
- Link: https://hacker...via hackerone:
- Title: Tor Does Not Clear CORS Preflight Cache despite creating a “New Identity”
- Scope: Tor Browser
- Weakness: Information Disclosure
- Severity: Medium (4.3)
- Link: https://hackerone.com/reports/1652022
- Date: 2022-07-27 19:24:33 +0000
- By: @mirmasoodali
- CVE IDs:
Details:
## Summary:
Tor triggers CORS Preflight Requests using the OPTIONS method similar to other browsers, including Firefox. Although the cache has been keyed to the top-level site, and depends on the URL of the requested resource, it does not get cleared when the user creates a “new identity”, and persists until the browsing instance has been quit. This increases the duration for which a user can be tracked, despite explicitly requesting to be forgotten.
## Steps To Reproduce:
The attack has three phases:
1. Generate and store the browser ID,
2. Clear Browser Data
3. Read the stored browser ID.
For simplicity, in the description below we assume that a tracking site makes the following domains publicly accessible -- (1.tracker.com, 2.tracker.com, 3.tracker.com, …, 32.tracker.com).
1. Write Browser ID
a. When a user visits a website, say attacker.com, it can make a CORS request to canary.tracker.com.
i. If canary.tracker.com does not observe an OPTIONS-based preflight request, before observing a request for the resource, an ID already exists in the cache. The attacker can proceed to the read phase.
ii. If canary.tracker.com observes an OPTIONS-based preflight request, no ID has yet been set. The following steps can be executed.
b. The attacker creates a 32-bit ID, 1011…0011, and associates this ID with the tracking domains
- 1.tracker.com -> Bit 1
- 2.tracker.com -> Bit 2
- 3.tracker.com -> Bit 3
…
i. Send CORS requests to each tracking domain associated with a bit that is equal to 1.
ii. The client will first send a CORS Preflight Request before sending the actual request for each domain. The domains respond with an Access-Control-Max-Age header set to the maximum acceptable value, i.e., 2 hours.
iii. The client caches the response to the preflight request.
2. The user clicks on the “New Identity” button in the browser’s toolbar.
3. Read Browser ID
a. When a user visits the attacker website, attacker.com, the attacker makes a CORS request to canary.tracker.com.
i. If canary.tracker.com observes an OPTIONS-based preflight request, no ID has yet been set. The attacker can first proceed to the write phase.
ii. If canary.tracker.com does not observe an OPTIONS-based preflight request, before observing a GET request for the resource, an ID already exists in the cache. The following steps can be executed.
b. The attacker sends 32 network requests, one to each tracking domain, to read back each bit associated with it.
- 1.tracker.com -> Bit 1
- 2.tracker.com -> Bit 2
- 3.tracker.com -> Bit 3
…
i. If a domain receives a resource request without initially observing a preflight request, the preflight for that domain was served from the cache.
ii. These domains are associated with a bit value of `1`.
If a domain receives a preflight request before receiving a request for the domain, no entry for that domain was available in the client’s preflight cache.
iii. These domains are associated with a bit value of `0`.
The attacker hence reconstructs the 32-bit identifier and recognizes the unique browser instance, despite the user creating a “new identity”.
## Supporting Material/References:
Proof-of-Concept Files Attached:
- Express Server: server.js
- Write 32-bit Identifier: write.html
- Read 32-bit Identifier: read.html
## Credit Information
Mir Masood Ali, PhD student, University of Illinois at Chicago
Binoy Chitale, MS student, Stony Brook University
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago
Chris Kanich, Associate Professor, University of Illinois at Chicago
Nick Nikiforakis, Associate Professor, Stony Brook University
Jason Polakis, Assistant Professor, University of Illinois at Chicago
## Impact
An attacker website can track a user across visits from the same browser instance, despite the user requesting a "new identity".
- [read.html](/uploads/37c2db77c5b29a6950899e82943522be/read.html)
- [server.js](/uploads/faae7bd88a5373319f4e27db0a261824/server.js)
- [write.html](/uploads/7f1a9cd3ac502f96154a0ef848a24c03/write.html)Sponsor 131 - Phase 2 - Privacy BrowserDan BallardDan Ballardhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/32987page info window kept after new identy2020-06-27T14:32:08ZTracpage info window kept after new identyright click on any page
click view page info
click new identity button
view page window remains
leaks across identities?
**Trac**:
**Username**: anonright click on any page
click view page info
click new identity button
view page window remains
leaks across identities?
**Trac**:
**Username**: anonhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40988Consider using Services.clearData for some new identity steps2023-09-20T17:45:49ZAlex CatarineuConsider using Services.clearData for some new identity stepsAs noted in legacy/trac#30504, there are several steps of new identity data clearing which can be performed via `Services.clearData(SOME_FLAG_COMBINATION)`.As noted in legacy/trac#30504, there are several steps of new identity data clearing which can be performed via `Services.clearData(SOME_FLAG_COMBINATION)`.Sponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/30504Investigate if New Identity works properly after moving to ESR 682020-07-14T22:25:12ZAlex CatarineuInvestigate if New Identity works properly after moving to ESR 68Apparently, it seems to be working. But after reloading Browser Console shows a few errors and warnings:
`PushService: onPermissionChange: Error updating registrations: InvalidStateError PushService.jsm:302`
`An IndexedDB transaction t...Apparently, it seems to be working. But after reloading Browser Console shows a few errors and warnings:
`PushService: onPermissionChange: Error updating registrations: InvalidStateError PushService.jsm:302`
`An IndexedDB transaction that was not yet complete has been aborted due to page navigation. IndexedDBHelper.jsm:145:23`
`Error: _initWorker called too early! Please read the session file from disk first. SessionFile.jsm:334:15`
`TypeError: win.gBrowser is undefined ProcessHangMonitor.jsm:410:18`https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29957clicking on "click to play" media leaks URLs via NoScript on-disk preferences2020-06-27T14:33:55ZTaylor Yuclicking on "click to play" media leaks URLs via NoScript on-disk preferencesA user in `#tor` reports that clicking on "click to play" media leaks sensitive information by causing NoScript to save the URL to disk. It's not clear whether this is an instance of legacy/trac#29646. It also seems that these URLs persi...A user in `#tor` reports that clicking on "click to play" media leaks sensitive information by causing NoScript to save the URL to disk. It's not clear whether this is an instance of legacy/trac#29646. It also seems that these URLs persist for search bar completion briefly beyond "New Identity", but not beyond a browser restart.
partial IRC logs below:
```
29T22:27 <XXXXX> i'd like to report a bug in noscript in tor browser
29T22:28 <XXXXX> when media is "click to play" and i click it, the browser
SAVES IT in HISTORY
29T22:28 <XXXXX> even though it is tor browser, when i start up the browser
days later i find that noscript has saved that site url to
the hard drive... tor browser is not supposed to keep
history
29T22:29 <XXXXX> it was visible in "per-site permissions" in the noscript
settings
29T22:30 <XXXXX> it includes ILLEGAL (lgbt resources) in my country, that i
do not want anyone to see, but it was still being saved by
tor browser
29T22:31 <XXXXX> i did not do anything "unusual" like changing settings or
tweaking. i only had security slider MEDIUM and when click
to play media appeared i clicked it
29T22:32 <XXXXX> i cleared the history and bleachbit wiped the computer but
i'm scared
...
29T22:39 <catalyst> XXXXX: that does sound scary in your situation. and it
does sound like a bug. what OS and Tor Browser version?
29T22:40 <XXXXX> catalyst: windows 7 tor browser 8.0.8
...
29T22:45 <catalyst> XXXXX: thanks. i'm asking around
29T22:46 <XXXXX> ok!
29T22:46 <XXXXX> what do i need to do to erase it? i pressed "reset
settings" in noscript and i think that worked and i ran
bleachbit too
29T22:47 <catalyst> XXXXX: that depends on how thoroughly you need to erase
it, unfortunately
29T22:48 <XXXXX> i dont want family or authorities to see it
...
29T22:48 <XXXXX> ok and doing that with bleachbit "erase free space" helps?
...
29T22:50 <XXXXX> it erases free space because deleting files is recoverable
29T22:51 <catalyst> XXXXX: that sounds like it should help. i'm not
personally familiar with bleachbit so i can't say whether
or not it will be effective in this case
29T22:51 <XXXXX> ok
29T22:52 <catalyst> operating systems like Tails provide additional isolation
(i believe Tails won't ever write to a disk unless you
explicitly ask it to)
29T22:57 <catalyst> XXXXX: may i paste your report into a public bug
report? (redacting your IRC nickname)
29T22:57 <XXXXX> catalyst: yes ok
29T22:57 <catalyst> XXXXX: thanks
29T22:58 <XXXXX> catalyst: when i clicked "reset" on the noscript settings
it broke some things i think the "default settings" are
not the same ones tor uses so resetting to default breaks
some things. a check mark is now checked called "override
tor browser security preset" and even on MEDIUM slider
settings it makes javascript disabled
29T22:58 <XXXXX> so also the reset option breaks things too!
29T23:03 <catalyst> XXXXX: that sounds unfortunate, but not too surprising.
Tor Browser can't always handle unusual user interactions
with the components it depends on. we can only try to fix
stuff like this as we learn about it
29T23:03 <XXXXX> ok
29T23:03 <XXXXX> i'll delete and insteall the browser again
...
29T23:12 <XXXXX> catalyst: one other scary thing that might be related.
when i visit sites after i press "new identity" that
restarts the browser. when the new browser opens then i
type something into the search bar at the top and
sometimes it suggests the sites i was just viewing BUT for
a split second then they vanish!
29T23:13 <XXXXX> i only noticed it when pressing "new identity" but not if
i close the browser then open it myself instead. but after
the suggested sites vanish they don't appear again and
that is weird
29T23:15 <@arma> XXXXX: i would believe this -- new identity does a pile of
things, and it does them in some order. it should probably
change its order so you don't get confused into thinking it is
done until it really is done.
29T23:15 <catalyst> XXXXX: that does seem scary. the behavior difference
between "new identity" and restarting the browser is
helpful to know, though. i'll add it to the bug report
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27663Readd New Identity menuitem to Torbutton menu until we redesigned our securit...2020-06-27T14:34:58ZGeorg KoppenReadd New Identity menuitem to Torbutton menu until we redesigned our security controlsI think it was a mistake to remove the New Identity option in Torbutton's menu before we redesigned the security controls AND before we had some guidance where we moved it to.
Let's readd it until we have a proper transition ready.
(Fo...I think it was a mistake to remove the New Identity option in Torbutton's menu before we redesigned the security controls AND before we had some guidance where we moved it to.
Let's readd it until we have a proper transition ready.
(For reference, this change was made in legacy/trac#26321.)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/27511Add New identity button to toolbar2020-06-27T14:35:06ZTracAdd New identity button to toolbarPlease, make possible to put a "new identity button" in the toolbar.
**Trac**:
**Username**: isnaiterPlease, make possible to put a "new identity button" in the toolbar.
**Trac**:
**Username**: isnaiterhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26260After 'New Identity' when I press the onion button I don't get the nice graph...2020-06-27T14:35:51ZcypherpunksAfter 'New Identity' when I press the onion button I don't get the nice graph with the countries of the connectionReproduced in Tails and Debian with TBB.
Steps to reproduce:
- Start Tor Browser
- Click on the Onion button -> Nice graph is shown with the different nodes the connection is going through
- Select New Identity
- Click onion again
No ...Reproduced in Tails and Debian with TBB.
Steps to reproduce:
- Start Tor Browser
- Click on the Onion button -> Nice graph is shown with the different nodes the connection is going through
- Select New Identity
- Click onion again
No more pretty graphshttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40961New Identity does not clear HTTPS Everywhere extension storage2022-09-29T19:05:57ZTracNew Identity does not clear HTTPS Everywhere extension storageWhen "New Identity" button is pressed, the information stored by extensions like HTTPS Everywhere is not cleared.
This might contain information, like domains which the user added as an exception.
Because, this persists on disk and is ...When "New Identity" button is pressed, the information stored by extensions like HTTPS Everywhere is not cleared.
This might contain information, like domains which the user added as an exception.
Because, this persists on disk and is not cleared on Tor shoutdown or manually clicking "New Identity", it leaves traces of users browsing habits.
Steps to reproduce:
1. Visit a website like cnn.com.
2. Click on HTTPS Everywhere Icon, and uncheck CNN.COM.
3. Restart Tor or Click on New Identity,
4. Visit the same site again, the setting is remembered by extension.
Data on disk:
~/Library/Application\ Support/TorBrowser-Data/Browser/profile/browser-extension-data/https-everywhere-eff@eff.org/storage.js:{"ruleActiveStates":{"CNN.com (partial)":false},"migration_version":1}
Ideally, extensions should be careful while saving data to disks. But may be Tor can also clear the storage on New Identity.
**Trac**:
**Username**: kmodiSponsor 131 - Phase 2 - Privacy Browserhttps://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/24421"Temporarily allow all this page" get inherited when New Identity is chosen.2020-06-27T14:36:38Zcypherpunks"Temporarily allow all this page" get inherited when New Identity is chosen.How to reproduce:
1. Open Tor Browser.
2. Select "High" Security Setting.
3. Go to https://github.com/
4. Click on NoScript icon and choose "Temporarilly allow all this page".
5. You can note that when the page gets refreshed the canvas...How to reproduce:
1. Open Tor Browser.
2. Select "High" Security Setting.
3. Go to https://github.com/
4. Click on NoScript icon and choose "Temporarilly allow all this page".
5. You can note that when the page gets refreshed the canvas prompt is displayed.
6. Select New Identity in the Torbutton.
7. Go to https://github.com/
8. You can notice that the canvas prompt is displayed (meaning JS is enabled, which in turn implies that "Temporarilly allow all this page" gets inherited when New Identity is chosen.)https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/20902Torbutton's New Identity fails under high load2020-06-27T14:38:23ZGeorg KoppenTorbutton's New Identity fails under high loadIt seems there are cases where our New Identity fails under high load. In this case users are getting the following error:
```
Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.
Are you run...It seems there are cases where our New Identity fails under high load. In this case users are getting the following error:
```
Torbutton cannot safely give you a new identity. It does not have access to the Tor Control Port.
Are you running Tor Browser Bundle?
```
This got reported on our blog: https://blog.torproject.org/blog/tor-browser-65a5-released#comment-223933.https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19995New Identity does not clear HSTS state anymore2020-06-27T14:38:49ZGeorg KoppenNew Identity does not clear HSTS state anymoreA while back Mozilla changed the way site security preferences are handled. The permission manager is not responsible for them anymore. This affects clearing HSTS (and possibly other state) on New Identity: it does not get deleted anymor...A while back Mozilla changed the way site security preferences are handled. The permission manager is not responsible for them anymore. This affects clearing HSTS (and possibly other state) on New Identity: it does not get deleted anymore.
This is a spin-off of legacy/trac#18589https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19876Memory leak: a lot of private strings (New Identity doesn't help)2022-07-14T13:24:57ZbugzillaMemory leak: a lot of private strings (New Identity doesn't help)Add-on eats memory (measured after New Identity):
```
396.83 MB (100.0%) -- explicit
├──338.72 MB (85.36%) -- js-non-window
│ ├──213.99 MB (53.92%) -- zones
│ │ ├──201.19 MB (50.70%) -- zone(0x5644a80)
│ │ │ ├───44.10 MB (11.11%) -...Add-on eats memory (measured after New Identity):
```
396.83 MB (100.0%) -- explicit
├──338.72 MB (85.36%) -- js-non-window
│ ├──213.99 MB (53.92%) -- zones
│ │ ├──201.19 MB (50.70%) -- zone(0x5644a80)
│ │ │ ├───44.10 MB (11.11%) -- strings
│ │ │ │ ├──25.50 MB (06.43%) -- (276 tiny)
│ │ │ │ │ ├───1.32 MB (00.33%) ++ string(length=65, copies=16827, "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0")
│ │ │ │ │ ├───1.01 MB (00.25%) ── string(length=8, copies=33147, "HTTP/1.1")/gc-heap/latin1
│ │ │ │ │ ├───0.82 MB (00.21%) ++ string(length=4112, copies=207, "Bugzilla_login_request_cookie=BFcSJVoFrY; github_secret=BfpXCUcCE5t1S3Z9; LASTORDER=bug_status%2Cpriority%2Cassigned_to%2Cbug_id;" (truncated))
│ │ │ │ │ ├───0.75 MB (00.19%) ── string(length=15, copies=24533, "Accept-Encoding")/gc-heap/latin1
│ │ │ │ │ ├───0.72 MB (00.18%) ++ string(length=37, copies=14052, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
│ │ │ │ │ ├───0.71 MB (00.18%) ── string(length=10, copies=23350, "Connection")/gc-heap/latin1
│ │ │ │ │ ├───0.67 MB (00.17%) ++ string(length=84, copies=6938, "trac_form_token=fd9d72f5b4cd93e1480c148c; trac_auth=5600191927c0d02b1262131d6ee91acd")
│ │ │ │ │ ├───0.41 MB (00.10%) ++ string(length=25, copies=10285, "Strict-Transport-Security")
│ │ │ │ │ ├───0.37 MB (00.09%) ++ string(length=19, copies=16351, "trac.torproject.org")/gc-heap
│ │ │ │ │ ├───0.28 MB (00.07%) ++ string(length=595, copies=486, "yandex_login=bugzilla; stngs=colorful::on:")
And many many others...
```https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/19779new identity shortcut don't work with toggle tools2020-06-27T14:38:53ZTracnew identity shortcut don't work with toggle toolsnew identy shortcut don't work with toggle tools.
**Trac**:
**Username**: f451022new identy shortcut don't work with toggle tools.
**Trac**:
**Username**: f451022