Pier Angelo Vendrame pushed to branch mullvad-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
-
ed66bd0f
by Pier Angelo Vendrame at 2024-02-29T14:09:03+01:00
-
b9146e90
by Pier Angelo Vendrame at 2024-02-29T14:09:08+01:00
-
e473a103
by Pier Angelo Vendrame at 2024-02-29T14:09:08+01:00
3 changed files:
- browser/app/profile/000-mullvad-browser.js
- netwerk/protocol/http/nsHttpHandler.cpp
- toolkit/components/resistfingerprinting/nsRFPService.cpp
Changes:
| ... | ... | @@ -7,23 +7,23 @@ pref("browser.startup.homepage", "about:mullvad-browser"); |
| 7 | 7 | // a result.
|
| 8 | 8 | pref("browser.toolbars.bookmarks.visibility", "never");
|
| 9 | 9 | |
| 10 | -// privacy-browser#19: Enable Mullvad's DOH
|
|
| 10 | +// mullvad-browser#19: Enable Mullvad's DOH
|
|
| 11 | 11 | pref("network.trr.uri", "https://dns.mullvad.net/dns-query");
|
| 12 | 12 | pref("network.trr.default_provider_uri", "https://dns.mullvad.net/dns-query");
|
| 13 | 13 | pref("network.trr.mode", 3);
|
| 14 | 14 | pref("doh-rollout.provider-list", "[{\"UIName\":\"Mullvad\",\"autoDefault\":true,\"canonicalName\":\"\",\"id\":\"mullvad\",\"last_modified\":0,\"schema\":0,\"uri\":\"https://dns.mullvad.net/dns-query\"},{\"UIName\":\"Mullvad (Ad-blocking)\",\"autoDefault\":false,\"canonicalName\":\"\",\"id\":\"mullvad\",\"last_modified\":0,\"schema\":0,\"uri\":\"https://adblock.dns.mullvad.net/dns-query\"}]");
|
| 15 | -// privacy-browser#122: Audit DoH heuristics
|
|
| 15 | +// mullvad-browser#122: Audit DoH heuristics
|
|
| 16 | 16 | pref("doh-rollout.disable-heuristics", true);
|
| 17 | 17 | |
| 18 | -// privacy-browser#37: Customization for the about dialog
|
|
| 18 | +// mullvad-browser#37: Customization for the about dialog
|
|
| 19 | 19 | pref("app.releaseNotesURL.aboutDialog", "about:blank");
|
| 20 | 20 | |
| 21 | -// privacy-browser#94: Disable legacy global microphone/webcam indicator
|
|
| 21 | +// mullvad-browser#94: Disable legacy global microphone/webcam indicator
|
|
| 22 | 22 | // Disable the legacy Firefox Quantum-styled global webcam/microphone indicator in favor of each
|
| 23 | 23 | // platform's native indicator
|
| 24 | 24 | pref("privacy.webrtc.legacyGlobalIndicator", false);
|
| 25 | 25 | |
| 26 | -// privacy-browser#87: Windows and Linux need additional work to make the
|
|
| 26 | +// mullvad-browser#87: Windows and Linux need additional work to make the
|
|
| 27 | 27 | // default browser choice working.
|
| 28 | 28 | // We are shipping only the portable versions for the initial release anyway, so
|
| 29 | 29 | // we leave this popup enabled only on macOS.
|
| ... | ... | @@ -34,7 +34,7 @@ pref("browser.shell.checkDefaultBrowser", false); |
| 34 | 34 | // mullvad-browser#228: default to spoof en-US and skip showing the dialog
|
| 35 | 35 | pref("privacy.spoof_english", 2);
|
| 36 | 36 | |
| 37 | -// privacy-browser#131: Review a few updater preferences
|
|
| 37 | +// mullvad-browser#131: Review a few updater preferences
|
|
| 38 | 38 | pref("app.update.notifyDuringDownload", true);
|
| 39 | 39 | pref("app.update.url.manual", "https://mullvad.net/download/browser");
|
| 40 | 40 | pref("app.update.url.details", "https://mullvad.net/download/browser");
|
| ... | ... | @@ -45,3 +45,6 @@ pref("app.releaseNotesURL", "https://github.com/mullvad/mullvad-browser/releases |
| 45 | 45 | pref("app.releaseNotesURL.aboutDialog", "about:blank");
|
| 46 | 46 | // point to our feedback url rather than Mozilla's
|
| 47 | 47 | pref("app.feedback.baseURL", "https://mullvad.net/help/tag/browser/");
|
| 48 | + |
|
| 49 | +// mullvad-browser#234: Do not spoof the OS in the User-Agent header
|
|
| 50 | +pref("privacy.resistFingerprinting.spoofOsInUserAgentHeader", false); |
| ... | ... | @@ -497,6 +497,9 @@ nsresult nsHttpHandler::Init() { |
| 497 | 497 | // obsService->AddObserver(this, "net:failed-to-process-uri-content", true);
|
| 498 | 498 | }
|
| 499 | 499 | |
| 500 | + Preferences::AddWeakObserver(
|
|
| 501 | + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
|
|
| 502 | + |
|
| 500 | 503 | MakeNewRequestTokenBucket();
|
| 501 | 504 | mWifiTickler = new Tickler();
|
| 502 | 505 | if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr;
|
| ... | ... | @@ -2071,6 +2074,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, |
| 2071 | 2074 | // Inform nsIOService that network is tearing down.
|
| 2072 | 2075 | gIOService->SetHttpHandlerAlreadyShutingDown();
|
| 2073 | 2076 | |
| 2077 | + Preferences::RemoveObserver(
|
|
| 2078 | + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
|
|
| 2079 | + |
|
| 2074 | 2080 | ShutdownConnectionManager();
|
| 2075 | 2081 | |
| 2076 | 2082 | // need to reset the session start time since cache validation may
|
| ... | ... | @@ -2196,6 +2202,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, |
| 2196 | 2202 | ShutdownConnectionManager();
|
| 2197 | 2203 | mConnMgr = nullptr;
|
| 2198 | 2204 | Unused << InitConnectionMgr();
|
| 2205 | + } else if (!strcmp(topic, "nsPref:changed") &&
|
|
| 2206 | + !NS_strcmp(
|
|
| 2207 | + data,
|
|
| 2208 | + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) {
|
|
| 2209 | + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true);
|
|
| 2199 | 2210 | }
|
| 2200 | 2211 | |
| 2201 | 2212 | return NS_OK;
|
| ... | ... | @@ -939,12 +939,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, |
| 939 | 939 | // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
|
| 940 | 940 | // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
|
| 941 | 941 | |
| 942 | + const bool spoofOs =
|
|
| 943 | + isForHTTPHeader &&
|
|
| 944 | + Preferences::GetBool(
|
|
| 945 | + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true);
|
|
| 946 | + |
|
| 942 | 947 | // These magic numbers are the lengths of the UA string literals below.
|
| 943 | 948 | // Assume three-digit Firefox version numbers so we have room to grow.
|
| 944 | 949 | size_t preallocatedLength =
|
| 945 | 950 | 13 +
|
| 946 | - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
|
|
| 947 | - : mozilla::ArrayLength(SPOOFED_UA_OS)) -
|
|
| 951 | + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
|
|
| 952 | + : mozilla::ArrayLength(SPOOFED_UA_OS)) -
|
|
| 948 | 953 | 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 +
|
| 949 | 954 | 2;
|
| 950 | 955 | userAgent.SetCapacity(preallocatedLength);
|
| ... | ... | @@ -954,7 +959,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, |
| 954 | 959 | // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0"
|
| 955 | 960 | userAgent.AssignLiteral("Mozilla/5.0 (");
|
| 956 | 961 | |
| 957 | - if (isForHTTPHeader) {
|
|
| 962 | + if (spoofOs) {
|
|
| 958 | 963 | userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS);
|
| 959 | 964 | } else {
|
| 960 | 965 | userAgent.AppendLiteral(SPOOFED_UA_OS);
|