Tor Browser: Login and device information lost when closing tab or browser #8390
Comments
Tor Browser is meant for privacy and may clear all cookies on exit. Try using Riot with another browser, as chat rooms can be encrypted.
Hi @CEbhNwPM - I'm a little worried this issue will be starved of attention due to your (as far as I'm aware) relatively niche use case - it would be a shame if a regression made Riot unworkable for your needs. OOI what's the main motivator for maintaining your riot session over tor restarts? Is it device verification? E2E key persistence? Avoiding initial syncs?
Thank you for replying. I also tested this with Firefox ESR, where everything works fine. So whichever code change caused this, the hardened settings of Tor Browser relied upon something that was previously in the code. If I run out of patience, I will either use the desktop client or try to identify the exact reason for this regression myself. I use Riot for a small, end-to-end encrypted room. Everyone would have to re-verify me daily and most of the history fails to decrypt for me, obviously. It's important to note that this happens even when I just close the Riot tab; I don't even have to close the whole browser. The session data is stored and kept just fine, it's just never recognized again.
Thanks for this report. I have followed your steps using Tor Browser 8.0.6 on macOS and riot.im/develop, and I can reproduce the issue. Using the Storage tab of the Developer Tools, it seems clear that the browser is still clearing IndexedDB, Local Storage, etc. despite the settings you've set. As you say, you don't even need to restart the browser, as it also happens by closing and opening the tab. Unfortunately, I can't think of anything Riot itself can do about this issue. It seems to be related to Tor Browser's storage implementation, so something would need to be fixed there. I suggest filing a bug there instead. If there is something Riot can do about this, please let us know!
Here is an update on the issue and the situation with Riot's usability with Tor on Windows in general. The Tor Browser setting below causes the problems described in this issue:
This setting causes Tor Browser to forget "Local Storage" data outside of the first Riot tab and does not properly clean up cookies on browser exit either, as it is supposed to. This has been reported to the Tor Browser team. Riot works when disabling private browsing mode and not clearing cookies on exit. I would not recommend doing this, as keeping cookies over browser restarts enables tracking. Blocking all but Riot's cookies is also not an option, because the fact that you are blocking cookies also makes you more trackable. As it is best not to mess with vanilla Tor Browser settings in general, Tor Browser would need a whitelisting feature to retain data from specific sites in order to make Riot with E2E usable in a proper way. The next best option to use Riot over Tor is the desktop client with launch options
Description
I am aware that this is normal with the default configuration of Tor Browser, please read on.
I use riot.im/app with matrix.org. Login and device ID do not persist in a well-configured Tor Browser (does not delete cookies or local storage on exit). The configuration as described below worked until recently. Downgrading Tor Browser (while also preventing auto update) did not help, so if I did not make any mistakes, this seems to be a regression in Riot 0.17.9.
Steps to reproduce
You will no longer be logged in and one of the first few lines in the console shows "No previous session found.". The issue even occurred when just closing the tab and not the entire browser. It also occurs on riot.im/develop.
Log: Not sent, didn't seem useful as this is easily reproduced.
Version information
Thanks for looking into this. Overall I'm very happy with Riot and Matrix, but I need it to work via Tor without complicated workarounds such as trying to tunnel the desktop app completely (difficult on Windows) or running a tunneled VM.