[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #24208 [Applications/Tor Browser]: Backport 1415488



#24208: Backport 1415488
-------------------------------------------------+-------------------------
 Reporter:  arthuredelstein                      |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting,                  |  Actual Points:
  TorBrowserTeam201711                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks):

 I do believe that ticket may not be filed correctly as it appears they are
 reporting a ua leak with a preview build of ff 57. Fwiw I tested
 win64/linux64 builds of ff 57.  The linux build being
 57.0+build4-0ubuntu0.16.04.5 from mozilla ppa as my distro did not provide
 the upgrade option. I could not reproduce the bug by fiddling with
 resistfingerprinting or http-proxy.

 For TBB I checked 7.0.9, and 7.0.10 and could not reproduce the bug by
 fiddling with resistfingerprinting or the ua override. Since TBB doesn't
 use http-proxy I did not test that configuration. It's still interesting
 to note Mozilla has had issues with resistfingerprinting overriding ua
 before through transitory interaction with other components like dom. It
 looks like *if* the ua override preference exists, it will currently have
 the final word, and fortunately TBB makes it's presence mandatory.

 In other words resistfingerprinting cannot currently set/unset the ua at
 all in TBB, but that may only be because the ua override pref gets
 priority and cannot be removed accidently. To be safe you could patch
 resistfingerprinting such that if that priority ever gets confused it
 cannot set a ua.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24208#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs