New Identity does not clear HTTPS Everywhere extension storage
When "New Identity" button is pressed, the information stored by extensions like HTTPS Everywhere is not cleared.
This might contain information, like domains which the user added as an exception. Because, this persists on disk and is not cleared on Tor shoutdown or manually clicking "New Identity", it leaves traces of users browsing habits.
Steps to reproduce:
- Visit a website like cnn.com.
- Click on HTTPS Everywhere Icon, and uncheck CNN.COM.
- Restart Tor or Click on New Identity,
- Visit the same site again, the setting is remembered by extension.
Data on disk: ~/Library/Application\ Support/TorBrowser-Data/Browser/profile/browser-extension-data/https-everywhere-eff@eff.org/storage.js:{"ruleActiveStates":{"CNN.com (partial)":false},"migration_version":1}
Ideally, extensions should be careful while saving data to disks. But may be Tor can also clear the storage on New Identity.
Trac:
Username: kmodi