[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #13398 [Applications/Tor Browser]: at startup, browser gleans user FULL NAME (real name, given name) from O/S



#13398: at startup, browser gleans user FULL NAME (real name, given name) from O/S
--------------------------------------+--------------------------
 Reporter:  zinc                      |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by mcs):

 * severity:   => Normal


Old description:

> (Reporting against Tor Browser 3.6.6, but this is a longstanding issue
> which affects all versions of the browser.)
>
> At each startup, code within nsUserInfoWin.cpp
> (see also: nsUserInfoUnix.cpp, nsUserInfoOS2.cpp, nsUserInfoMac.mm)
> scrapes user's FULL NAME (real name, given name) from the operating
> system
> and retains this in memory, stored to a constant, throughout the browser
> session.
>
> Additionally, the browser scrapes user's windows login username (and
> windows domain) along with his/her email address (if present, filled in
> within user's windows user account details). These personal details are
> similarly stored by the browser throughout the life of each browsing
> session.
>
> This privacy-infringing behavior is unconditional ~~ no user_pref is
> available to prevent it.
>
> In researching "How dare they?!?" I gathered that this behavior exists
> because Firefox shares a codebase with Thunderbird, and back in the day
> someone thought it would be "kewl" for a Thunderbird user to find that
> the system magically knows his/her details when setting up a new TB
> account...
>
> If challenged to prove/demonstrate where these details are ever "leaked"
> by the browser, I cannot. However, these personal details are accessible
> to any extension (or out-of-band Mozilla update) and therefore are
> subject to exfiltration.

New description:

 (Reporting against Tor Browser 3.6.6, but this is a longstanding issue
 which affects all versions of the browser.)

 At each startup, code within nsUserInfoWin.cpp
 (see also: nsUserInfoUnix.cpp, nsUserInfoOS2.cpp, nsUserInfoMac.mm)
 scrapes user's FULL NAME (real name, given name) from the operating system
 and retains this in memory, stored to a constant, throughout the browser
 session.

 Additionally, the browser scrapes user's windows login username (and
 windows domain) along with his/her email address (if present, filled in
 within user's windows user account details). These personal details are
 similarly stored by the browser throughout the life of each browsing
 session.

 This privacy-infringing behavior is unconditional — no user_pref is
 available to prevent it.

 In researching "How dare they?!?" I gathered that this behavior exists
 because Firefox shares a codebase with Thunderbird, and back in the day
 someone thought it would be "kewl" for a Thunderbird user to find that the
 system magically knows his/her details when setting up a new TB account...

 If challenged to prove/demonstrate where these details are ever "leaked"
 by the browser, I cannot. However, these personal details are accessible
 to any extension (or out-of-band Mozilla update) and therefore are subject
 to exfiltration.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13398#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs