[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #24056 [Applications/Tor Browser]: UI locale is detectable by button width

To: undisclosed-recipients: ;
Subject: [tor-bugs] #24056 [Applications/Tor Browser]: UI locale is detectable by button width
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 30 Oct 2017 11:16:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 30 Oct 2017 07:17:01 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#24056: UI locale is detectable by button width
------------------------------------------+--------------------------------
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Major                     |   Keywords:  tbb-fingerprinting
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+--------------------------------
 We got a HackerOne report by xiaoyinl outlining steps to detect the UI
 locale of the browser despite the user not changing the `Accept` header:

 If one specifies a button `<input type="submit">` without a "value"
 property, the default text of the button depends on the UI language. And
 the resulting width of the button can be measured.

 We should not only focus on that particular button but should look closer
 whether other UI parts are suffering from the same problem.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/24056>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #22487 [Webpages/Website]: Add https version of `deb.torproject.org` repository install instructions
Next by Author: Re: [tor-bugs] #22427 [Webpages/Website]: Link to Linus's nightly builds from somewhere?
Previous by thread: Re: [tor-bugs] #24055 [Internal Services/Tor Sysadmin Team]: Create rbm.torproject.org website
Next by thread: [tor-bugs] #24057 [Metrics/Website]: Add tor 0.3.3.x to version graphs
Index(es):
- Author
- Thread