Design-Documents/Tor-Browser-Design-Doc.md

@@ -289,11 +289,13 @@ Adversaries may position themselves at a number of possible locations in order t
 
     Additionally, at this position the adversary may block Tor, or attempt to recognize the traffic patterns of specific web pages at the entrance to the Tor network.
 
-7. **Physical access**
+7. **Physical or remote access**
 
-    Adversaries may have intermittent or constant physical access to users' computers.
-    Such adversaries would include system administrators, other users of a shared system, or domestic partners.
-    They may also be able to compel users to surrender their encryption keys.
+    Adversaries may have intermittent or constant access to a target's computer hardware.
+    Such adversaries would include law enforcement, system administrators, other users of a shared system, or domestic partners.
+    Adversaries may also be able to compel targets to surrender their passwords or encryption keys.
+
+    We assume these adversaries do not have the ability to run arbitrary code on the target's computer during a browsing session. Rather, we assume only passive forensic access after browsing has taken place.
 
 8. **Release infrastructure**
 
@@ -393,7 +395,20 @@ The adversary can perform the following attacks from a number of possible positi
 1. **Read the local disk**
 
     - **Positioning**
-        - Physical Access
+        - Physical or remote access
+
+    Adversaries with access to a user's machine may try to learn a user's browsing history by inspecting persisted artifacts stored on disk.
+
+    Such artifacts could include:
+
+    - Browser history
+    - Cookies
+    - Per-site permissions
+    - Site exceptions
+    - Saved authentication credentials
+    - Cached data
+    - System logs
+    - Recent files lists
 
 #### Old