On 2011-10-04, Joe Btfsplk <joebtfs...@gmx.com> wrote: > I've thought about TBB & it insecurely deleting files such as cache when > closing TBB Firefox. I assume this is what happens - I've investigated > - a BIT - & seems that's what it does.
If you have evidence that TBB-Firefox stores sensitive information to disk without a user asking it to, please file a bug report. One of the main design goals of Torbutton was to prevent Firefox from ever writing sensitive information to disk (unless a user has specifically asked it to, e.g. by changing Torbutton's configuration or adding a bookmark to Firefox). See section 1.2 of https://www.torproject.org/torbutton/design/ . > *Is this correct?* I can't tell because you didn't tell us what files you think TBB-Firefox writes which contain sensitive information. > If true, there's no opportunity to securely wipe the files, rather than > them being insecurely deleted - unless I'm mistaken. AFAIK, Tor has no > secure wiping capability built in. Neither Tor nor TBB attempts to securely erase files, because most filesystems in use on most operating systems (and many modern storage devices) make securely erasing files infeasible. > Don't remember reading in documentation, either that users should be > aware of this & take appropriate action, or that TBB already handles it > securely. Also, no mention of a list of files TBB deletes on shut down, > that users might consider the possibility of data being recoverable. TBB should never write sensitive information to disk. TBB must assume that it is safe to create and delete temporary files which do not contain sensitive information within the TBB directory. > If true, the only way to wipe any sensitive info (Ex.: so a repressive > gov't can't recover info from HDD), would be use a prgm to wipe free > space on the partition containing TBB. If it is installed on a flash > drive, that could be wiped, but principal is still the same. Programs that wipe free space are rarely able to wipe enough information to be worthwhile. Flash drives cannot be erased reliably at all. > Since many users install most everything to C:\ - esp. in Windows (in > TBB case, unzip to a folder), then wiping free space process on the OS > partition - which MAY be the whole HDD for some users, ALWAYS involves > some risk to file(s) corruption. I've never had a disaster wiping free > space, but forums like Eraser, CCleaner & others are full of posts about > the process (apparently) severely damaging the OS. > > If my assumptions are correct, > 1) Have TBB developers considered the issue of some deleted info from > sessions, being recoverable? We have. That's why we try hard to not write sensitive information to disk. > 2) Other than wiping free space, (which takes time) are there other > suggestions for avg users to realistically deal w/ this? It doesn't > affect me so much, but in repressive countries, it may warrant > consideration. We assume that erasing data written to disk is impossible, because it is infeasible on most filesystems and operating systems and many storage devices. > I'd think for users wanting to securely wipe free space, it'd be best to > use TBB on flash drive or a small partition on HDD. It's possible ? w/ > a proper list of files, the files in question MIGHT be securely deleted > BEFORE closing TBB, but many wiping prgms would have problems wiping > active files. It probably can be done w/ enough knowledge & right > tools, but most users aren't aware of steps needed, and would not > regularly go to that trouble (or forget). We assume that erasing data written to disk is impossible, because it is infeasible on most filesystems and operating systems and many storage devices. Robert Ransom _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk