Delivery-Date: Wed, 27 Aug 2014 16:28:45 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 5BBCB1E0D37;
	Wed, 27 Aug 2014 16:28:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 1F2FB309BD;
	Wed, 27 Aug 2014 20:28:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 9323A309BD
 for <tor-talk@lists.torproject.org>; Wed, 27 Aug 2014 20:28:35 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id FsdhQp5v6luQ for <tor-talk@lists.torproject.org>;
 Wed, 27 Aug 2014 20:28:35 +0000 (UTC)
X-Greylist: delayed 368 seconds by postgrey-1.34 at eugeni;
 Wed, 27 Aug 2014 20:28:35 UTC
Received: from omr-d01.mx.aol.com (omr-d01.mx.aol.com [205.188.252.208])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 6575F290FC
 for <tor-talk@lists.torproject.org>; Wed, 27 Aug 2014 20:28:35 +0000 (UTC)
Received: from mtaout-aad02.mx.aol.com (mtaout-aad02.mx.aol.com
 [172.26.127.226])
 by omr-d01.mx.aol.com (Outbound Mail Relay) with ESMTP id 7B7AC70057A9A;
 Wed, 27 Aug 2014 16:22:24 -0400 (EDT)
Received: from [10.30.136.2] (unknown [128.12.246.29])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mtaout-aad02.mx.aol.com (MUA/Third Party Client Interface) with ESMTPSA id
 010FC3800008F; Wed, 27 Aug 2014 16:22:23 -0400 (EDT)
Message-ID: <53FE3DFE.2020105@aim.com>
Date: Wed, 27 Aug 2014 13:22:22 -0700
From: sureyourejoking@aim.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: tor-dev@lists.torproject.org, tor-talk@lists.torproject.org
x-aol-global-disposition: G
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aim.com;
 s=20140625; t=1409170944;
 bh=Gq9VNfWIAqlOIcqToviMjkv6iWkgEQmixongjHIlgJ4=;
 h=From:To:Subject:Message-ID:Date:MIME-Version:Content-Type;
 b=OtoUWjI1vCi8LyVAVi6MJbNbhKWfOa4rfhywxkLsj6STBWTaKihNUf/LDRmfOYsVa
 M/Eu3s0AaL22h6VfgEBqiimDQ1s0UdyNDT2KX3ry6M/RjiL9xufAtA+6v+L3eBs3b2
 DV1G9/HuSummcgb0G/FF9ZQ6Y8tNKDwAJxEhJaXg=
x-aol-sid: 3039ac1a7fe253fe3dff6982
X-AOL-IP: 128.12.246.29
Subject: [tor-talk] Tor Data Leak
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

To Whom it May Concern,

    I recently noticed that Tor Browser was leaking data about websites
I visited in Tor to my hard drive.

    I am running Mac OS X 10.6.8 on a 2010 model Macbook Pro 6,2. I am
using TorBrowser Version 3.6.3.

    The data appears in the directory
"/Users/Username/Library/PubSub/Feeds/", where "Username" represents my
username. The directory contains xml files with random names and a .xml
extension. They contain text and url's from websites which I have only
visited using Tor.

    I use "No-Script" in Tor, and it is active by default. "No-Script"
was active when I visited all of the websites, except for youtube, since
the videos will not play while "No-Script" is active.

    I have installed the following add-ons to Tor: "Adblock Edge 2.1.4"
and "Privacy Badger Firefox 0.2.1".

    I noticed these xml files a month ago, and moved the contents of
/Users/Username/Library/PubSub/ to a separate location. Since then, I
have watched the contents of this directory closely.

    Two days after I deleted the contents of "PubSub", a directory
called "Database" appeared containing a file called "Database.sqlite3".
This file seemed not to have any information about websites I visited. A
while later, the "Feeds" directory appeared, but was empty. The "Feeds"
directory remained empty for about two weeks.

    Yesterday, xml files appeared in the Feeds directory, which now
contains 1.1 MB of files.

    Is this a security bug in Tor Browser?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

