Re: [T(A)ILS-dev] Tor Browser Bundle config

This message is part of the following thread:
Mthe complete thread tree sorted by date
Mintrigeri at <-
Mintrigeri at ->
Delete this message

Reply to this message
Author: Andrew Lewman
Date:  
To: intrigeri
CC: Erinn Clark, The T\(A\)ILS public development discussion list
Subject: Re: [T(A)ILS-dev] Tor Browser Bundle config
On Thu, Jan 06, 2011 at 04:57:02PM +0100, intrigeri@??? wrote 1.4K bytes in 38 lines about:
: Studying the Git log shows these settings were added by Andrew in
: commit 5dea9a12 (svn:r19603), along with a dozen or so other ones. The
: corresponding commit message is a bit vague: "update some preferences
: for a safer firefox all around".

I seem to recall there being an attack where someone can manipulate XUL
into disclosing if a favicon existed in cache and the age of image in
cache to determine your history.

In general, for a tor browser bundle that is not supposed to leave a
trace, having a favicon cache could be bad. It would confirm that you
did indeed visit a certain site. If this certain site is forbidden in
your locale, the evidence could be used against you.

--
Andrew
pgp key: 0x74ED336B

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [T(A)ILS-dev] Specification and security design documentRe: [T(A)ILS-dev] Image size issues->
lists.autistici.org administrated by postmasterLurker (version 2.3)