Author: Andrew Lewman Date: To: intrigeri CC: Erinn Clark, The T\(A\)ILS public development discussion list Subject: Re: [T(A)ILS-dev] Tor Browser Bundle config
On Thu, Jan 06, 2011 at 04:57:02PM +0100, intrigeri@??? wrote 1.4K bytes in 38 lines about:
: Studying the Git log shows these settings were added by Andrew in
: commit 5dea9a12 (svn:r19603), along with a dozen or so other ones. The
: corresponding commit message is a bit vague: "update some preferences
: for a safer firefox all around".
I seem to recall there being an attack where someone can manipulate XUL
into disclosing if a favicon existed in cache and the age of image in
cache to determine your history.
In general, for a tor browser bundle that is not supposed to leave a
trace, having a favicon cache could be bad. It would confirm that you
did indeed visit a certain site. If this certain site is forbidden in
your locale, the evidence could be used against you.