[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #30925 [Applications]: Tor Browser for Android should not leak device language
#30925: Tor Browser for Android should not leak device language
------------------------------------+------------------------------
Reporter: dujaus | Owner: (none)
Type: defect | Status: new
Priority: Medium | Component: Applications
Version: Android (Orbot): 1.0.0 | Severity: Major
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------+------------------------------
(Real version: 60.7.0)
Tor Browser for Android sends the real language of the user's Android
device in accept-language HTTP request header. For UX this might be great,
but if the language is not English, it can reveal the likely geographical
location of the user.
For instance, I'm a Finn, and when I use Tor Browser to access
Twitter.com, the site shows the web page in Finnish. Also many sites show
ads in Finnish. This is not great for anonymity, especially for small
countries and languages only spoken by relatively small population, like
fi-FI.
I think this issue is quite severe due to few aspects related to Android:
- It is very common to use the local language in Android devices (probably
more so than with desktop OSes - computer savvy Finns tend to use English
Windows/Linux)
- The browser itself is not localized, so the user probably is not aware
of the fact that it sends the real accept-language header. I used to think
that the ads were just a coincident and maybe I just happened to be on a
circuit leading to a exit node in Finland.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30925>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs