Recently discovered in TOR Windows Desktop, if you go to upper right “hamburger” apps menu, then select Bookmarks, it displays at least the last 10 Recent Bookmarks visited. This is a pretty significant security issue. I have read through discussions here and general on-line searches. I find no simple way to shut this off. Have written a userChrome.css that works fine in Firefox, have tried about:config switches; nothing stops this in the TOR (windows) Desktop. I cannot believe there is no way to stop this here -some simple switch, and really the default on this should be off. I know all the arguments, especially “others should not have access or be looking on your computer”, but there are situations where this cannot be avoided, especially among journalists or authors who co-write. As stated, there is a simple way to stop this in mainstream Firefox. We need something here. I have a partial workaround that involves looking at an encrypted bookmarks.html file that is not saved inside the browser but it is far from ideal.
your bookmarks are already stored in places - if you don’t want them remembered, then stop bookmarking them
PS: if you delete a bookmark then it also removed from the recent bookmarks list - it is after all just a query
Well some of us have bookmarks because we like to visit them. So deleting not a good solution. You are right that they are stored-but there are ways to make this less conspicuous-burying in sub-directories, turning off auto complete etc. But the point is they should not be tracked in a secure browser… I am a researcher and sometimes have some sensitive materials… This tracking recent bookmarks should be turned off by default. Regular Firefox allows this. This is a security hole.
Then secure your device. This is not a TB problem, it is OpSec
Regular Firefox allows this
How? Where is this magical setting that removes bookmarks from the device but still allows the user to access them?
userChrome.css?
Then you’re hiding the problem, not solving it.
As far as I can tell , Firefox doesn’t even save the information on when you lastly visited a bookmark with the bookmarks themselves (check the moz_bookmarks table in places.sqlite).
If it’s saved anywhere else also in private browsing mode (where?), it’s a disk leak we should solve and send to upstream Firefox.
Keep in mind that disabling private browsing mode isn’t officially supported for Tor Browser, so we won’t fix issues that don’t apply to PBM.
However, for me Firefox shows the recently added bookmarks, not visited.
There are two fields in the moz_bookmarks table: dateAdded and lastModified.
Maybe we could add a pref to hardcode them to some date (e.g., Jan 1st 2020) and then not update anymore.
(Edit: opened tor-browser#43080 for this).
But as already said, userChrome.css isn’t a solution.
The data is stil there.
Had to write a small chrome css script,-easily found online. Not magic.
Why-because others have also flagged the problem, in Firefox.
It just does not work here.
···
Sent with Proton Mail secure email.
On Monday, August 26th, 2024 at 08:24, thorin via Tor Project Forum noreply@forum.torproject.org wrote:
thorin Τακτικός
August 26Then secure your device. This is not a TB problem, it is OpSec
Regular Firefox allows this
How? Where is this magical setting that removes bookmarks from the device but still allows the user to access them?
Visit Topic or reply to this email to respond.
To unsubscribe from these emails, click here.
So your “solution” (which only hides it in one view, doesn’t solve it) for Firefox also works in TB - userChrome.css?
What others have flagged the problem?
What doesn’t work “here”?
Mine just says “recent bookmarks” - a chrome.css has at least stopped this being so visible (in Fireox).
This has been an eye opener for me - this should be a choice, not the default setting.
Thanks
···
On Monday, August 26th, 2024 at 08:47, PieroV via Tor Project Forum noreply@forum.torproject.org wrote:
PieroV Abituale
August 26
Rocketboy0:
As stated, there is a simple way to stop this in mainstream Firefox.
userChrome.css?
Then you’re hiding the problem, not solving it.As far as I can tell , Firefox doesn’t even save the information on when you lastly visited a bookmark with the bookmarks themselves (check the
moz_bookmarkstable inplaces.sqlite).If it’s saved anywhere else also in private browsing mode (where?), it’s a disk leak we should solve and send to upstream Firefox.
Keep in mind that disabling private browsing mode isn’t officially supported for Tor Browser, so we won’t fix issues that don’t apply to PBM.However, for me Firefox shows the recently added bookmarks, not visited.
There are two fields in themoz_bookmarkstable:dateAddedandlastModified.
Maybe we could add a pref to hardcode them to some date (e.g., Jan 1st 2020) and then not update anymore.But as already said,
userChrome.cssisn’t a solution.
The data is stil there.
Visit Topic or reply to this email to respond.
To unsubscribe from these emails, click here.
No the userCHrome.css does not work here.
Examples of this file are easily found on the web - hence others are worried about the problem.
I’ve said all I can - if anyone has a solution, it would be great.
···
On Monday, August 26th, 2024 at 09:01, thorin via Tor Project Forum noreply@forum.torproject.org wrote:
thorin Τακτικός
August 26So your “solution” (which only hides it in one view, doesn’t solve it) for Firefox also works in TB - userChrome.css?
What others have flagged the problem?
What doesn’t work “here”?
Visit Topic or reply to this email to respond.
To unsubscribe from these emails, click here.
did you add toolkit.legacyUserProfileCustomizations.stylesheets = true
I can assure you that userChrome is usable on TB, so you’re simply not doing it right, and for no real purpose or gain
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.