Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-09 Thread Tor Bug Tracker & Wiki
#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
--------------------------------------+---------------------------
 Reporter:  catalyst                  |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  fixed
 Keywords:  tbb-disk-leak, tbb-newnym,|  Actual Points:
  noscript, TorBrowserTeam202006      |
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------
Changes (by gk):

 * keywords:  tbb-disk-leak, tbb-newnym, noscript => tbb-disk-leak, tbb-
 newnym, noscript, TorBrowserTeam202006
 * status:  needs_information => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:13 ma1]:
 > After some thinking I've decided that the new Incognito-restricted UI is
 > a very good idea for Firefox and Chromium users in PBM. It's neutral for
 > vanilla Tor Browser users (who can't see it by default anyway), and it's
 > likely annoying for users who took the pain of restoring the NoScript
 > button and checking the "''Override Tor Browser's Security Level preset''"
 > option for the sole purpose of customizing their permissions and having
 > them survive sessions.
 >
 > Therefore https://github.com/hackademix/noscript/releases/tag/11.0.27rc6
 > disables non-temporary presets in the popup UI for all PBM users except
 > those who choose to "have it their way" (with ''Override Tor Browser
 > etc.''), while click to play permissions (the scope of this bug) are
 > always made temporary for all PBM and Tor Browser windows (but can be
 > turned into permanent from the ''Per-site Permissions'' UI).

 Great, thanks. A quick test of the latest NoScript (11.0.30) shows that
 this bug is fixed. Yay!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs


Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki

Comment (by ma1):

 OK, after some thinking I've decided that the new Incognito-restricted UI
 is a very good idea for Firefox and Chromium users in PBM. It's neutral
 for vanilla Tor Browser users (who can't see it by default anyway), and
 it's likely annoying for users who took the pain of restoring the NoScript
 button and checking the "''Override Tor Browser's Security Level preset''"
 option for the sole purpose of customizing their permissions and having
 them survive sessions.

 Therefore rc6 disables non-temporary presets in the popup UI for all PBM
 users except those who choose to "have it their way" (with ''Override Tor
 Browser etc.''), while click to play permissions (the scope of this bug)
 are always made temporary for all PBM and Tor Browser windows (but can be
 turned into permanent from the ''Per-site Permissions'' UI).



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki

Comment (by ma1):

 Just to be clear, 11.0.27 in PBM tabs/windows does the following:

 1. Disables any contextual widget (in the tab-originated popups) leading
 to give permanent permissions (and therefore URLs to be persisted on the
 disk): therefore you can only set Temp. TRUSTED or Temp. CUSTOM (neither
 TRUSTED, UNTRUSTED or permanent CUSTOM) unless that was the setting when
 the UI popup has been opened.
 2. When unblocking a media element, the permission is always marked as
 temporary and never persisted to the disk.

 Of course you can still turn the temporary permissions to permanent from
 the "Per-site preferences" options panel, if you really want to.

 I'm not sure whether 1 is too strict for people who intentionally checked
 "override Tor Browser security policies", since this would erase any
 permission customization on browser restarts (as all Tor Browser windows
 are incognito, right?), but it seemed a transparent middle-way to help
 them not to shoot themselves in the foot. What do you think?



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki

Comment (by ma1):

 OK, in the end I managed to squeeze it into 11.0.27rc5 (I'm about to
 submit 11.0.27 "stable" to AMO), because it felt just too important to
 wait anymore.

 Please check
 https://github.com/hackademix/noscript/releases/tag/11.0.27rc5



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki

Comment (by ma1):

 Replying to [comment:9 gk]:

 > Thanks (I guess you mean 11.0.27, right? ;)). I think binding it to Tor
 > Browser might not be the best option.

 Sorry, that's 11.0.28 (as 11.0.27 is shipping today) and PBM on any
 browser, rather than just Tor Browser, you're right (not enough coffee
 this morning).



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki

Comment (by gk):

 Replying to [comment:8 ma1]:
 > Replying to [comment:5 gk]:
 > > Okay, thanks for those steps that helped me a lot. Giorgio: given that
 > > this violates assumptions about Private Browsing Mode (PBM) usage (There
 > > should not be leaked any information about web browsing to disk in that
 > > mode let alone possibly problematic URLs) is there a way for NoScript to
 > > actually adhere to the PBM rules the user/Tor Browser has intentionally
 > > enabled? Like saving the exceptions in memory and only there if in PBM? It
 > > seems to me there is no reason to save them to disk in that case.
 >
 > Yes, it can be done. I'll need to flag all permissions as temporary
 > (maybe if not explicitly overridden by the user some way, e.g. via an
 > option in the confirmation dialog) for sessions where the Tor Browser is
 > detected as the host.
 >
 > I will put this in 11.0.25.

 Thanks (I guess you mean 11.0.27, right? ;)). I think binding it to Tor
 Browser might not be the best option. It seems to me the PBM/non-PBM
 distinction is important here. I doubt Firefox users in PBM expect their
 site exceptions to be written to disk either given their conscious choice
 to enable PBM in the first place. Thus, respecting *that* distinction
 seems more important than Tor Browser/non-Tor Browser AND it fits better
 to the mental model (Tor) Browser users have.



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki

Comment (by ma1):

 Replying to [comment:5 gk]:
 > Okay, thanks for those steps that helped me a lot. Giorgio: given that
 > this violates assumptions about Private Browsing Mode (PBM) usage (There
 > should not be leaked any information about web browsing to disk in that
 > mode let alone possibly problematic URLs) is there a way for NoScript to
 > actually adhere to the PBM rules the user/Tor Browser has intentionally
 > enabled? Like saving the exceptions in memory and only there if in PBM? It
 > seems to me there is no reason to save them to disk in that case.

 Yes, it can be done. I'll need to flag all permissions as temporary (maybe
 if not explicitly overridden by the user some way, e.g. via an option in
 the confirmation dialog) for sessions where the Tor Browser is detected as
 the host.

 I will put this in 11.0.25.



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2020-06-01 Thread Tor Bug Tracker & Wiki
Changes (by gk):

 * cc: m1 (removed)
 * cc: ma1 (added)


Comment:

 Ha, I added the wrong handle to Cc :(. ma1: see my idea in comment:5 for
 this issue. Not sure if that's something doable, though.



Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-10-28 Thread Tor Bug Tracker & Wiki

Comment (by cypherpunks):

 This bug needs more attention now that **click-to-play was made DEFAULT in
 Tor Browser 9.0**.  On all three security levels, plugins.click_to_play =
 true.  I noticed it was enabled because I had to click "play" on every
 YouTube video.


Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-04-10 Thread Tor Bug Tracker & Wiki
Changes (by gk):

 * cc: m1 (added)
 * keywords:  tbb-disk-leak, tbb-newnym => tbb-disk-leak, tbb-newnym,
   noscript


Comment:

 Okay, thanks for those steps that helped me a lot. Giorgio: given that
 this violates assumptions about Private Browsing Mode (PBM) usage (There
 should not be leaked any information about web browsing to disk in that
 mode let alone possibly problematic URLs) is there a way for NoScript to
 actually adhere to the PBM rules the user/Tor Browser has intentionally
 enabled? Like saving the exceptions in memory and only there if in PBM? It
 seems to me there is no reason to save them to disk in that case.


Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-04-05 Thread Tor Bug Tracker & Wiki

Comment (by cypherpunks):

 Here is *exactly* what I did to confirm it:

 1. Deleted Tor Browser directory

 2. Installed fresh Tor Browser 8.0.8

 3. Changed security slider to "Safer"

 4. Navigated to
 https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm

 5. Clicked to play

 6. Looked at NoScript settings page and confirmed it was whitelisted

 7. Restarted browser

 Before step 5, I looked at the sqlite in an online sqlite viewer and it
 said the collection_name was
 default/{73a6fe31-595d-460b-a920-fcc0f8843232}, the record_id was
 key-policy, and the record was this:

 {{{
 {"id":"key-policy","key":"policy","data":{"DEFAULT":{"capabilities":["fetch","font","frame","object","other","script","webgl"],"temp":false},"TRUSTED":{"capabilities":["fetch","font","frame","media","object","other","script","webgl"],"temp":false},"UNTRUSTED":{"capabilities":["frame","font"],"temp":false},"sites":{"trusted":[],"untrusted":["http:"],"custom":{}},"enforced":true,"autoAllowTop":false},"_status":"created"}
 }}}

 After step 7 I looked at the same record, and now it was this:

 {{{
 {"id":"key-policy","key":"policy","data":{"DEFAULT":{"capabilities":["fetch","font","frame","object","other","script","webgl"],"temp":false},"TRUSTED":{"capabilities":["fetch","font","frame","media","object","other","script","webgl"],"temp":false},"UNTRUSTED":{"capabilities":["frame","font"],"temp":false},"sites":{"trusted":[],"untrusted":["http:"],"custom":{"https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm":{"capabilities":["fetch","font","frame","object","other","script","webgl","media"],"temp":false}}},"enforced":true,"autoAllowTop":false},"_status":"created"}
 }}}

 That sqlite file is stored on the disk.


Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-04-05 Thread Tor Bug Tracker & Wiki

Comment (by cypherpunks):

 In the file called storage-sync.sqlite (in profile.default) I have this
 text copied from Notepad (example and not everything in the .sqlite file,
 just the relevant part):

 {{{
 ["fetch","font","frame","object","other","script","webgl","media"],"temp":false},"https://upload.wikimedia.org/wikipedia/commons/transcoded/0/0a/Comparing_CMEs.ogv/Comparing_CMEs.ogv.480p.vp9.webm":{"capabilities":["fetch","font","frame","object","other","script","webgl","media"],"temp":false}}},"enforced":true,"autoAllowTop":false},"_status":"created"}‚';i
 ƒedefault/{73a6fe31-595d-460b-a920-fcc0f8843232}key-sync{"id":"key-sync","key":"sync","data":{"global":false,"xss":true,"cascadeRestrictions":true,"xssScanRequestBody":false,"xssBlockUnscannedPOST":true,"overrideTorBrowserPolicy":false,"clearclick":true,"storage":"sync"},"_status":"created"}
 }}}

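An added example (not code from the ticket or from NoScript) of checking a profile for the leak shown in the two comments above, the before/after `key-policy` record and the raw `storage-sync.sqlite` excerpt: it carves `key-policy` records out of the file's bytes and lists per-site entries that are not marked `temp`. The field names come from the records quoted in the thread; the sample bytes, the `example.org` entry and all function names are constructed for illustration.

```python
import json
import sys
from urllib.parse import urlsplit

MARKER = '{"id":"key-policy"'  # start of the policy record quoted in the thread


def carve_policy_records(blob: bytes):
    """Yield every policy record that decodes cleanly from raw file bytes.

    No SQL is used, so no table layout is assumed. A record that SQLite
    split across overflow pages will not decode and is skipped.
    """
    text = blob.decode("utf-8", errors="replace")
    decoder = json.JSONDecoder()
    pos = text.find(MARKER)
    while pos != -1:
        try:
            record, _end = decoder.raw_decode(text, pos)
            yield record
        except json.JSONDecodeError:
            pass  # truncated or damaged copy of the record
        pos = text.find(MARKER, pos + 1)


def _is_full_url(site: str) -> bool:
    """True when the key names a specific resource, not just an origin."""
    parts = urlsplit(site)
    return bool(parts.netloc) and parts.path not in ("", "/")


def persisted_sites(record: dict) -> list:
    """Return per-site entries of one record that are not session-only."""
    sites = record.get("data", {}).get("sites", {})
    findings = []
    for site, perms in sites.get("custom", {}).items():
        if perms.get("temp") is True:
            continue  # temporary permission, the post-fix behaviour
        findings.append({"list": "custom", "site": site,
                         "full_url": _is_full_url(site)})
    for name in ("trusted", "untrusted"):
        for site in sites.get(name, []):
            if site.endswith(":"):
                continue  # scheme-wide default such as "http:"
            findings.append({"list": name, "site": site,
                             "full_url": _is_full_url(site)})
    return findings


def audit(blob: bytes) -> list:
    """Collect findings from every policy record carved out of the bytes."""
    return [f for rec in carve_policy_records(blob) for f in persisted_sites(rec)]


# --- constructed sample, modelled on the records quoted in the thread ---
URL = ("https://upload.wikimedia.org/wikipedia/commons/transcoded/2/22/"
       "Volcano_Lava_Sample.webm/Volcano_Lava_Sample.webm.360p.vp9.webm")
CAPS = ["fetch", "font", "frame", "object", "other", "script", "webgl", "media"]


def _record(custom: dict) -> bytes:
    doc = {"id": "key-policy", "key": "policy",
           "data": {"sites": {"trusted": [], "untrusted": ["http:"],
                              "custom": custom},
                    "enforced": True, "autoAllowTop": False},
           "_status": "created"}
    return json.dumps(doc, separators=(",", ":")).encode()


SAMPLE_BLOB = (b"SQLite format 3\x00\x10\x00" + _record({}) + b"\x82';i\x00"
               + _record({URL: {"capabilities": CAPS, "temp": False},
                          "https://example.org": {"capabilities": ["media"],
                                                  "temp": True}})
               + b"\xff\x00")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BLOB
    for finding in audit(data):
        print(finding)
```

Run it with the path to a copy of `storage-sync.sqlite` as the only argument; with no argument it audits the constructed sample.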

Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-04-05 Thread Tor Bug Tracker & Wiki

Comment (by cypherpunks):

 Replying to [comment:1 gk]:
 > I tried to reproduce both issues but failed with a clean Tor Browser
 > 8.0.8 on Windows 7. So, I wonder what goes wrong on the user's computer.
 > Maybe some extra tools installed are interfering?

 I just tried this on my own Windows 7 computer with browser 8.0.8 and it
 *does* persist for me. I went to Wikipedia with the slider set to "Safer"
 and viewed some videos that were click-to-play. After restarting Tor
 Browser and checking the NoScript settings "per-site permissions", the
 whitelisted URLs are being shown like this one:

 > https://upload.wikimedia.org/wikipedia/commons/transcoded/0/0a/Comparing_CMEs.ogv/Comparing_CMEs.ogv.480p.vp9.webm

 I restarted Tor Browser with New Identity, and I closed and re-opened it,
 and I rebooted my computer, so I can *confirm* that this is an issue!


Re: [tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-04-01 Thread Tor Bug Tracker & Wiki
Changes (by gk):

 * keywords:  tbb-disk-leak, newnym => tbb-disk-leak, tbb-newnym
 * status:  new => needs_information


Comment:

 I tried to reproduce both issues but failed with a clean Tor Browser 8.0.8
 on Windows 7. So, I wonder what goes wrong on the user's computer. Maybe
 some extra tools installed are interfering?


[tor-bugs] #29957 [Applications/Tor Browser]: clicking on "click to play" media leaks URLs via NoScript on-disk preferences

2019-03-29 Thread Tor Bug Tracker & Wiki
#29957: clicking on "click to play" media leaks URLs via NoScript on-disk
preferences
------------------------------------------+-----------------------------------
     Reporter:  catalyst                  |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-disk-leak, newnym
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+-----------------------------------
 A user in `#tor` reports that clicking on "click to play" media leaks
 sensitive information by causing NoScript to save the URL to disk. It's
 not clear whether this is an instance of #29646. It also seems that these
 URLs persist for search bar completion briefly beyond "New Identity", but
 not beyond a browser restart.

 partial IRC logs below:

 {{{
 29T22:27  i'd like to report a bug in noscript in tor browser
 29T22:28  when media is "click to play" and i click it, the browser SAVES IT in HISTORY
 29T22:28  even though it is tor browser, when i start up the browser days later i find that noscript has saved that site url to the hard drive... tor browser is not supposed to keep history
 29T22:29  it was visible in "per-site permissions" in the noscript settings
 29T22:30  it includes ILLEGAL (lgbt resources) in my country, that i do not want anyone to see, but it was still being saved by tor browser
 29T22:31  i did not do anything "unusual" like changing settings or tweaking. i only had security slider MEDIUM and when click to play media appeared i clicked it
 29T22:32  i cleared the history and bleachbit wiped the computer but i'm scared
 ...
 29T22:39  X: that does sound scary in your situation. and it does sound like a bug. what OS and Tor Browser version?
 29T22:40  catalyst: windows 7 tor browser 8.0.8
 ...
 29T22:45  X: thanks. i'm asking around
 29T22:46  ok!
 29T22:46  what do i need to do to erase it? i pressed "reset settings" in noscript and i think that worked and i ran bleachbit too
 29T22:47  X: that depends on how thoroughly you need to erase it, unfortunately
 29T22:48  i dont want family or authorities to see it
 ...
 29T22:48  ok and doing that with bleachbit "erase free space" helps?
 ...
 29T22:50  it erases free space because deleting files is recoverable
 29T22:51  X: that sounds like it should help. i'm not personally familiar with bleachbit so i can't say whether or not it will be effective in this case
 29T22:51  ok
 29T22:52  operating systems like Tails provide additional isolation (i believe Tails won't ever write to a disk unless you explicitly ask it to)
 29T22:57  X: may i paste your report into a public bug report? (redacting your IRC nickname)
 29T22:57  catalyst: yes ok
 29T22:57  X: thanks
 29T22:58  catalyst: when i clicked "reset" on the noscript settings it broke some things i think the "default settings" are not the same ones tor uses so resetting to default breaks some things. a check mark is now checked called "override tor browser security preset" and even on MEDIUM slider settings it makes javascript disabled
 29T22:58  so also the reset option breaks things too!
 29T23:03  X: that sounds unfortunate, but not too surprising. Tor Browser can't always handle unusual user interactions with the components it depends on. we can only try to fix stuff like this as we learn about it
 29T23:03  ok
 29T23:03  i'll delete and install the browser again
 ...
 29T23:12  catalyst: one other scary thing that might be related. when i visit sites after i press "new identity" that restarts the browser. when the new browser opens then i type something into the search bar at the top and sometimes it suggests the sites i was just viewing BUT for a split second then they vanish!
 29T23:13  i only noticed it when pressing "new identity" but not if i close the browser then open it myself instead. but after the suggested sites vanish they don't appear again and