rolling Firefox back to 2.x

[Nik N]

On Tue, Sep 2, 2008 at 1:42 PM, Dotan Cohen <dotancohen at gmail.com> wrote:
> 2008/9/2 Nik N <niknot at gmail.com>:

>> ...forensic examination of a sequestered computer by Chinese government
>> law enforcement personell.
>>
> That is a very real possibility and quite the reason why I'm still
> reading this thread. Nik, having the data in sqlite does not make it
> any more secure than being in text files.

I was actually assuming it would be less secure. However, this is not
something that will change, and the difference in our view of the advisability
of including sqlite in the security chain of the product is irrelevant to this
discussion. And no, those that are worried by leaving traces of their 'net
activity are not quite likely to get a bullet in the back of the head,
they might
only get fired. (And not for attending porn sites either, the whole thing has
something to do with overly restrictive clean-room design protocols).
Consequently, they consider to be threatened only by whatever inspection
might be carried out by some corporation using COTS forensic tools, not
by what a large governmental agency might do in a hardware-level
forensic lab.

> Please confirm or deny my allusion, so that we can help you devise a
> secure system that will let you erase data such that forensics inspection
> will not easily reveal anything. I'm thinking a small script that erases the sqlite
> files with shred.

Since you know the product well, a list of FF3 files that hold user private
data and what that data is, and what are the consequences of shreding
such files after closing a session would be of great help. I know already
that I can shred  .mozilla/firefox/123xyz.default/places.sqlite while FF3 is
not running. Others? (I understand this is just a best guess and expect
no guarantees on your side; besides, any update to FF might all of a
sudden again change this).

Nik N.