Re: [T(A)ILS-dev] Tor Browser Bundle config

Author: Andrew Lewman
Date:  
To: intrigeri
CC: Erinn Clark, The T(A)ILS public development discussion list
Subject: Re: [T(A)ILS-dev] Tor Browser Bundle config
On Thu, Jan 06, 2011 at 04:57:02PM +0100, intrigeri@??? wrote 1.4K bytes in 38 lines about:
: Studying the Git log shows these settings were added by Andrew in
: commit 5dea9a12 (svn:r19603), along with a dozen or so other ones. The
: corresponding commit message is a bit vague: "update some preferences
: for a safer firefox all around".

I seem to recall there being an attack where someone can manipulate XUL
into disclosing if a favicon existed in cache and the age of the image in
cache to determine your history.

In general, for a tor browser bundle that is not supposed to leave a
trace, having a favicon cache could be bad. It would confirm that you
did indeed visit a certain site. If this certain site is forbidden in
your locale, the evidence could be used against you.

--
Andrew
pgp key: 0x74ED336B