
Re: [tor-bugs] #26611 [Applications/Tor Browser]: verify no locale leaks in ESR60 `Intl` APIs



#26611: verify no locale leaks in ESR60 `Intl` APIs
-------------------------------------------------+-------------------------
 Reporter:  mcs                                  |          Owner:  tbb-team
     Type:  defect                               |         Status:  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting, ff60-esr,        |  Actual Points:
  TorBrowserTeam201808R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by arthuredelstein):

 * status:  new => needs_review
 * keywords:  tbb-fingerprinting, ff60-esr, TorBrowserTeam201808 =>
     tbb-fingerprinting, ff60-esr, TorBrowserTeam201808R


Comment:

 Replying to [ticket:26611 mcs]:
 > Several new `Intl` APIs and enhancements to existing APIs were added
 > during the ESR60 development cycle. We should review the changes to make
 > sure locale info, etc. is not leaked when `privacy.resistFingerprinting`
 > is `true`.

 In general, the `Intl` APIs use the apparent system locale.
 "javascript.use_us_english" and "privacy.spoof_english" already cause the
 system locale to be overridden for Firefox so that previous APIs correctly
 behaved as though the locale were "en-US".

 But I wanted to make sure that the new APIs also followed the same
 mechanism. So I ran manual tests for each. I opened a blank page and
 entered test inputs into the content console for two values of
 "privacy.spoof_english":

 > See:
 > https://bugzilla.mozilla.org/show_bug.cgi?id=1403318
 > https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/PluralRules

 ||= privacy.spoof_english =||= `new Intl.PluralRules().resolvedOptions().locale` =||
 || 1 || `"de"` ||
 || 2 || `"en-US"` ||

 > https://bugzilla.mozilla.org/show_bug.cgi?id=1403319
 > https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/NumberFormat/formatToParts

 ||= privacy.spoof_english =||= `Intl.NumberFormat().formatToParts(1000)[1]` =||
 || 1 || `Object { type: "group", value: "." }` ||
 || 2 || `Object { type: "group", value: "," }` ||

 > https://bugzilla.mozilla.org/show_bug.cgi?id=1386146
 > https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat

 ||= privacy.spoof_english =||= `new Intl.DateTimeFormat(undefined, {hour: "numeric"}).resolvedOptions().hourCycle` =||
 || 1 || `"h23"` ||
 || 2 || `"h12"` ||

 So the manual tests appear to confirm that these new APIs are correctly
 spoofing the locale. I also opened a Bugzilla bug to propose the idea of
 adding some regression tests: https://bugzilla.mozilla.org/1486258

 Setting to "needs review" for a second opinion. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26611#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online