This replies to a September 26 post with the same title.
Thank you; I was unaware of the division. No, in the past I was using Tor as if
it is a browser, so I was using the browser it comes with. I did not try to use
it with any other browser.
I did not know if Tor's browser uses Firefox's security architecture and I
don't know about esr versions. You wrote, "[b]y design, Tor Browser doesn't
save data to disk across sessions." Firefox isn't supposed to but a computer
shutdown allows only limited time for apps to clean themselves up and so, even
without a crash, FF data may be preserved through a power-down and power-up,
and I confirmed that it is. If Tor not only defaults to data erasure ("design")
but is not hampered by a time limit during shutdown so that the data is always
gone when settings call for it to be gone, then that's an improvement over FF.
Consider the risk that many apps may have to clean up extensively and that
there won't be enough time during shutdown to complete the cleanup, so that Tor
may still leave data persisting through the next power cycling.
It took some effort to find the bug in FF, it took some more effort to convince
people at FF that data is persistently stored, and a FF derivative is being
used in Tor, so I would not be surprised if no one reported the bug at Tor
before my question last month. The discussion at FF was going on for years. So
the open question for Tor is not whether it's unreported but whether Tor
behaves differently, and you and I have narrowed it down to the difference
between design and behavior at shutdown time and similar times. If you or
someone else knows the answer to that question, please post accordingly.
If the shutdown or similar time limit forces persistence of data, then that's a
security bug.
And the UI language should be precise. "Never Remember History" is not that,
given the persistence issue and if persistence is not to be ended. The people
Tor is intended for, spies et al., are not full-time geeks and they can't make
their use of Tor too visible by asking questions in the wrong places. So the UI
issue is more sensitive for targeted Tor users than for most FF users. It's
okay (not great but okay) to require using options but then the UI "Never"
should be reworded so Tor (or FF) users are not misled. But if Tor doesn't
present that "Never" language then Tor may not have a UI issue. UI language
should be judged as most users would understand it. When, years ago, Microsoft
wanted to discourage uninstalling its browser from Windows platforms, one of
its techniques was to force people trying to properly uninstall to go through a
nearly incomprehensible UI; I was geeky at the time and I didn't know what a
couple of messages meant. And at least I knew it was incomprehensible. "Never
Remember History" is easily comprehensible but, in FF's case, as most people
would understand it, is wrong. A derivative of FF is in Tor. Thus, I ask about
Tor's UI.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
