Does this mean that Tor saves private information?
I was going through my pagefile.sys system file (as I usually do) and found a few things of note. For example:
-----BEGIN RSA PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCWNR3PfJy6YRwA6fUCfF7TlcP0
Bz+PI0aeayOQmm1uyx/wB/MB0zweBwEvgLnbmgYzE8PUpBNtaFaY3essSMHsWko2
SYkCVujKPdWhN9k8tqX/tMPn7TVUm7XAZ9A4mbgoYfX669qpguMn5QXkFEt0OFYK
Qo4DHJY86AJh3qawkQIDAQAB
-----END RSA PUBLIC KEY--------
followed by
ntor-onion-key 4BeCRL/99541u3jcjdkwkmjhbutujjeroj34jkkjj542jqpwkag9jkf9=
I am a user of the Tor browser. I run it on its most default settings (i.e., disabled disk writes, on Windows 10, latest version of Firefox, etc.)
Does this mean that Tor has failed in its objective to not write data to disk?
Does this mean that Tor saves your URLs?
No.
Does this mean that Tor has failed in its objective to not write data to disk?
No.
What It Does Mean
What it means is that you haven't disabled your pagefile, which can store sensitive information which normally resides in memory. The page file is effectively a swap file for Windows once your memory becomes too full. Tor has no control over how this is configured on your system or what portions of memory are written to it.
Disable The Windows 10 Pagefile
You can disable the page file in Windows 10 by doing the following:
- Open your Windows Control Panel > System settings.
- Click the Advanced system settings link on the left.
- Go to the Advanced tab in the System Properties window and press the Settings button.
- Go to the Advanced tab in the new Performance Options window and press the Change button.
- Uncheck the Automatically manage paging file size for all drives checkbox (if set).
- Switch to the No paging file radio button option.
- Press the Set button. Click YES to confirm the changes.
- Press OK 3 times in the remaining windows.
Performance
As others have noted, performance can be a concern in relation to paging and use of the Windows pagefile. Particularly, disabling the pagefile can have a negative impact on performance (though this likely depends greatly on your amount of RAM and individual application usage).
As @Suma points out, encrypting the page file (as detailed in this linked answer) can be an alternative to disabling it entirely.
No worries.
It means that pages from Tor's working set have been paged out. Contrary to common belief, this does not happen when you run out of physical RAM, but much more regularly. A process' working set under Windows is very small (a dozen megabytes), and deliberately so. Pages are moved in and out of the working set and onto the standby list¹ very frequently, almost constantly.
Pages are either simply discarded upon memory pressure (in case of a mapping) to be re-loaded later, or, in case of a non-mapped page which has been accessed, written to swap speculatively, and possibly discarded to be reloaded from swap later.
Contrary to the other answer, you should almost certainly not disable the swap file. There are very few good reasons (all of them involving a very considerable amount of paranoia) to do this, but it is a very serious system-wide anti-optimization. A modern operating system needs a page file to work "properly" (it doesn't need as much as often recommended, so-and-so many times the installed RAM is outright ridiculous with multi-gigabyte RAM sizes, a few hundred megabytes will do, but zero is not at all a good option!).
If you are worried someone might scan your pagefile with some kind of malware, then a few Tor public keys are the least of your concerns. If they can do that, they can do much worse.
If you are worried someone might steal your computer, use full-disk encryption. Most modern disks run in always-encrypt mode for wear-levelling reasons anyway, so "enabling" encryption really means no overhead, it only means scrambling the on-disk key with a password.
Did Tor fail its objective?
No (although, technically, yes).
Tor did not write anything to disk directly. However, it didn't prevent the OS from writing data to disk. So, being very pedantic, that's "fail".
What the Tor program could have done is either VirtualLock regions, or do allocations using large pages. Either of these will prevent the OS from writing pages to the page file.
This is, of course, not without problems. Large pages are not available on all systems and where they are available, they require privileges that a normal user doesn't have.
VirtualLock, on the other hand, is limited by the maximum working set size, which is small and which competes with invisible locks such as when you read from or write to a file or socket. The operating system must, and will, lock pages in your process' working set to be able to do that. Of course, the maximum working set size can be adjusted, but again, on modern versions of Windows, this requires a privileged process!
So, all in all, you are only able to lock very small amounts of memory, and that's presumably what Tor is doing, too.
It will however only be storing sensitive information that absolutely shouldn't ever be leaked in that locked region. There's just not enough room there to store everything there, including public keys.
Compared to running Tor as privileged process, possibly writing some unimportant, public data to the page file is certainly the lesser evil.
Is it a problem?
Yes, but not because it is a problem per se.
I don't know what the ntor-onion-key entry is, but at least the first posted snippet is definitively a public key (it says so verbatim!), which is, well... public information. There is no harm if this information is possibly leaked.
It does become a problem, however, because not only are you using a "suspicious" tool, but you raised a concern which shows an alarming amount of, well, call it caution, or call it paranoia.
The average person neither uses Tor, nor cares about inspecting the contents of the page file, or gives a crap about what Tor might have leaked to the pagefile.
To some people, this is a red flag. Such an amount of caution looks exactly like you have something to hide, and you're most likely involved in criminal activity (or worse), as you are "obviously" hiding something.
Thus, there is a chance that by wording this concern, you have managed as a "non-interesting person" to be put on the "suspicious, watch closely" list of some governmental institution. Who, as it happens, filter network traffic 24/7, automatically flagging keywords, and reading through the flagged parts with a huge army of analysts.
¹ Actually, there is not one, but 8 of them, with different priorities. But let's just say "the" standby list.