[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing



#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  mcs
     Type:  defect                               |         Status:  closed
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:  fixed
 Keywords:  ff60-esr, tbb-fingerprinting-os,     |  Actual Points:
  tbb-8.0-issues, tbb-8.0.1-can,                 |
  TorBrowserTeam201809R                          |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by cypherpunks3):

 Replying to [comment:65 gk]:
 > Replying to [comment:64 mcs]:
 > > Replying to [comment:63 gk]:
 > > > Looks mostly good to me. I guess we could refactor
 `Navigator::GetUserAgent()` a bit but we can leave that our for now and
 tackle that when upstreaming this patch.
 > >
 > > Kathy and I were a little afraid to make big changes there without
 advice from a Mozilla person and/or more time to test things.
 >
 > Yes, I guessed so and that's been a good idea.
 >
 > >
 > > > Please adjust the WinXP in the commit message and the title given
 that you delete `general.useragent.override` from the prefs we ship but
 have the bug fixed nevertheless. Maybe "Bug 26146: Spoof HTTP User-Agent
 header for desktop platforms"? (or something like that). Oh, and that's
 not only JavaScript on/off related. The risk we are writing the patch for
 is that the OS is collected by any server Tor Browser is talking to,
 irrespective of your JS settings.
 > >
 > > Here is a revised patch (new commit message):
 > > https://gitweb.torproject.org/user/brade/tor-
 browser.git/commit/?h=bug26146-02&id=a9b83ea79e2e1751d63fffe62b457008d516145e
 >
 > Looks good! I cherry-picked the patch to `tor-browser-60.2.0esr-8.5-1`
 (commit 165031359d2db55af85cab32713860bb6a026483) and `tor-
 browser-60.2.0esr-8.0-1` (commit
 62d76b2381c1df0b893336f496ae4ffe161d592f). Woo, thanks everyone!

 Can I get a tl;dr as to what this patch does?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26146#comment:66>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs