DTV96Calibre
commented
5 years ago Sounds like that data should never end up on disk if possible. Maybe an option to store private data in-memory? I'm not aware of the amount of data we're tracking here
Open tildelowengrimm opened 5 years ago
DTV96Calibre
commented
5 years ago Sounds like that data should never end up on disk if possible. Maybe an option to store private data in-memory? I'm not aware of the amount of data we're tracking here
tildelowengrimm
commented
5 years ago @DTV96Calibre We have a separate issue for the much more substantial task of keeping all browsing data secured with an in-memory-only key when clear-on-shutdown is enabled. brave/brave-browser#3549 That's going to be a pretty hefty piece of work with a lot of edge cases and testing needed. This is a much more straightforward easier improvement in the mean time.
Our feature to clear private data when Brave is quit doesn't work if Brave is killed unexpectedly, like is someone holds down their power button to force their machine to shut down. There isn't much we can do in these cases, beyond the very elaborate work in #3549. But we can delete that state whenever Brave is opened. That won't prevent a forensic analysis, but it will ensure that leftover state never shows up in the newly-opened browser.