[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27495 [Applications/Tor Browser]: Tor Browser 8.0 wrong user-agent



#27495: Tor Browser 8.0 wrong user-agent
--------------------------------------+---------------------------
 Reporter:  temp123                   |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  duplicate
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by H7gQsKnpvf3nB7NWYtdhtDyECtySfgyx):

 A troll vandalized my comment with "We use Tor." so I'm going to replicate
 my earlier comment with a different account:

 Replying to [comment:2 arma]:
 > (I hear from the tor browser devs that they are no longer trying to lie
 about user agent, (a) because you can't actually convincing lie,
 1) Not everyone does OS detection with JS, so the trackers who use the UA
 only (i.e. without JS detection) are duped, 2) with JS disabled there's no
 reliable way to tell exactly the OS (except some CSS bugs from now and
 then),
 > because there are so many other components that would have to change
 too,
 3) these elements can be changed too in the long term (search for a
 keyword that sounds like tbb-fingerprinting-os or something). We can have
 fantastic dreams, right?

 > and (b) because when Android enters the scene, they won't want to get
 served the non-mobile version of pages.
 Mobile vs desktop distinction is justifiable, and it entails nothing for
 the case we're dealing with here.

 Replying to [comment:4 gk]:
 > Not only is it more than confusing to get always a random .exe file
 offered for download even though you are not on Windows but things like
 Google apps were actually broken for macOS users (see:
 ​https://bugzilla.mozilla.org/show_bug.cgi?id=1405810)

 This is kinda ironic considering that logging into your Google account to
 use Google Docs with Tor is straight-up *impossible* unless one does the
 SMS verification - or partial de-anonymization to put it in another
 fashion (except for the folks who buy SMS boxes with Bitcoin). So we're
 doing trading-off a situation that only a very limited number of Mac OS
 (marketshare is low) *and* Tor users encounter for the global Tor populace
 (the reports come from a standard Firefox for a reason)? This is even more
 ironic considering the amount of voluntary breakage that Google makes on
 its websites and services for the standard Firefox and Firefox Mobile, let
 alone the Tor Browser (recent examples in mind: YouTube uses an old
 standard not implemented in Firefox which leads to 5-10sec of delay on
 Firefox vs Chrome, the Google search looked different for Firefox Mobile
 vs Chrome Mobile and would change with a simple UA change to Chrome
 Mobile's UA). In other words trading privacy for hostile Google's
 usability shouldn't be even on our imagination.

 (Another comment:) By the way this is a bad precedent from the great folks
 over there at Mozilla, first party isolation breaks a lot of websites -
 should we then whitelist it for those? Why should we treat first party
 isolation and fingerprinting resistance differently?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27495#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs