Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • T torbutton
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 72
    • Issues 72
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 1
    • Merge requests 1
  • Deployments
    • Deployments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • torbutton
  • Issues
  • #12683

Closed
Open
Created Jul 23, 2014 by Isis Lovecruft@isis

Permissions in nsIPermissionManager aren't cleared with TorButton's "New Identity"

When TorButton's "New Identity" button is pressed, the permissions stored with nsIPermissionManager aren't cleared, even though nsIPermissionManager.removeAll() is called.

From torbutton_do_new_identity() in src/chrome/content/torbutton.js:

  torbutton_log(3, "New Identity: Clearing permissions");
                       
  let pm = Cc["@mozilla.org/permissionmanager;1"].
           getService(Ci.nsIPermissionManager);
  pm.removeAll();                    

  torbutton_log(3, "New Identity: Sending NEWNYM");

There's a ton of info stored in this thing, including how many time the site has been visited, if popups are allowed, if a site can access offline storage, etc. For me, several dozen sites are listed after clicking "New Identity". It seems to have been keeping these permissions for quite a while, as some of my sites are reported to have hundreds of visits.

To reproduce, do some stuff in TorBrowser for a while, then click "TorButton > New Identity", then navigate to about:permissions.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking