Skip to content

Tor Browser history leaked to syslogs via GNOME

Summary

Tab titles are sometimes logged by GNOME to /var/log/syslog, effectively causing browsing habits to persist on the system, even after closing Tor Browser. As Tor Browser does not save history by default, many users will not expect this.

Steps to reproduce:

  1. Open a new Tor Browser window.
  2. (optional) "Connect" to the Tor network and navigate to an arbitrary website.
  3. Press the Super key (default) to open the GNOME activities menu.
  4. Review syslog via cat /var/log/syslog | grep -i "browser"

What is the current bug behavior?

I see results containing Tor Browser tab titles, such as the titles of opened websites.

What is the expected behavior?

I expect not to see my visited website titles in any system file without my authorization.

More strongly, I don't expect GNOME (which may log all sorts of things) to require access to my visited website titles.

Environment

  • OS Version: Pop! OS 22.04
  • GNOME Shell Version: 3.38.6
  • Tor Browser Version: 12.5.2
  • Tor Browser Installation Method: "Linux" binary from https://www.torproject.org/download/

Relevant logs and/or screenshots

[/var/log/syslog]
[snip]
Aug  9 11:23:52 pop-os gnome-shell[2864]: Couldn't find child [0x5558d69f7880 Gjs_ui_windowPreview_WindowPreview ("cute cats at DuckDuckGo — Tor Browser")] in window slots
Aug  9 11:23:53 pop-os gnome-shell[2864]: Couldn't find child [0x5558d69f7880 Gjs_ui_windowPreview_WindowPreview:first-child last-child ("cute cats at DuckDuckGo — Tor Browser")] in window slots
Aug  9 11:27:28 pop-os gnome-shell[2864]: Couldn't find child [0x5558da9ea870 Gjs_ui_windowPreview_WindowPreview:first-child last-child ("[Wayland] [3.38.3] Shell freezes/stops reacting to most input (#3706) · Issues · GNOME / gnome-shell · GitLab — Tor Browser")] in window slots
Aug  9 11:27:31 pop-os gnome-shell[2864]: Couldn't find child [0x5558da9ea870 Gjs_ui_windowPreview_WindowPreview:first-child last-child ("[Wayland] [3.38.3] Shell freezes/stops reacting to most input (#3706) · Issues · GNOME / gnome-shell · GitLab — Tor Browser")] in window slots
[snip]