I've thought about TBB & it insecurely deleting files such as cache when closing TBB Firefox. I assume this is what happens - I've investigated - a BIT - & seems that's what it does. *Is this correct?* If true, there's no opportunity to securely wipe the files, rather than them being insecurely deleted - unless I'm mistaken. AFAIK, Tor has no secure wiping capability built in.

Don't remember reading in documentation, either that users should be aware of this & take appropriate action, or that TBB already handles it securely. Also, no mention of a list of files TBB deletes on shut down, that users might consider the possibility of data being recoverable.

If true, the only way to wipe any sensitive info (Ex.: so a repressive gov't can't recover info from HDD), would be use a prgm to wipe free space on the partition containing TBB. If it is installed on a flash drive, that could be wiped, but principal is still the same.

Since many users install most everything to C:\ - esp. in Windows (in TBB case, unzip to a folder), then wiping free space process on the OS partition - which MAY be the whole HDD for some users, ALWAYS involves some risk to file(s) corruption. I've never had a disaster wiping free space, but forums like Eraser, CCleaner & others are full of posts about the process (apparently) severely damaging the OS.

If my assumptions are correct,
1) Have TBB developers considered the issue of some deleted info from sessions, being recoverable?

2) Other than wiping free space, (which takes time) are there other suggestions for avg users to realistically deal w/ this? It doesn't affect me so much, but in repressive countries, it may warrant consideration.

I'd think for users wanting to securely wipe free space, it'd be best to use TBB on flash drive or a small partition on HDD. It's possible ? w/ a proper list of files, the files in question MIGHT be securely deleted BEFORE closing TBB, but many wiping prgms would have problems wiping active files. It probably can be done w/ enough knowledge & right tools, but most users aren't aware of steps needed, and would not regularly go to that trouble (or forget).

tor-talk mailing list

Reply via email to