Hi Holger, On Sat, Jul 26, 2014 at 05:07:13PM +0200, Holger Levsen wrote: > I believe this has probably been done by design,
FWIW according to the upstream author (who has encouraged me to submit the bug also in the upstream BTS and *cough* propose a patch) that's not the case. > so it is super easy to remove all traces from torbrowser(-usage) from > the system. (eg for users in really oppressive areas...) I'm not sure I understand the threat model you've in mind here. If secrecy is needed on the fact that someone might be using torbrowser, than *installing* torbrowser-launcher is not a good idea. First of all you've no guarantee that the user will arrive on the machine (to remove it) before the oppressors. But even if the user do, she will also have to remove the torbrowser-launcher itself, which in case of Debian machines will involve removing the corresponding package. Bottom line: for that threat model a live system would be much better, and whether cleaning traces of past usage involves removing one directory, or several, seems just a minor detail really. If we really want to support such a cleanup (which I'm not sure about), the best option seems to be to add a "--self-destruct" option to torbrowser-launcher, which does all the needed cleanup. The problem is that on distros like Debian, such a command should also "dpkg --purge" the package (and its dependencies...). Cheers. -- Stefano Zacchiroli . . . . . . . [email protected] . . . . o . . . o . o Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o Former Debian Project Leader . . @zack on identi.ca . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
signature.asc
Description: Digital signature
