[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #30925 [Applications]: Tor Browser for Android should not leak device language



#30925: Tor Browser for Android should not leak device language
------------------------------------+------------------------------
 Reporter:  dujaus                  |          Owner:  (none)
     Type:  defect                  |         Status:  new
 Priority:  Medium                  |      Component:  Applications
  Version:  Android (Orbot): 1.0.0  |       Severity:  Major
 Keywords:                          |  Actual Points:
Parent ID:                          |         Points:
 Reviewer:                          |        Sponsor:
------------------------------------+------------------------------
 (Real version: 60.7.0)

 Tor Browser for Android sends the real language of the user's Android
 device in accept-language HTTP request header. For UX this might be great,
 but if the language is not English, it can reveal the likely geographical
 location of the user.

 For instance, I'm a Finn, and when I use Tor Browser to access
 Twitter.com, the site shows the web page in Finnish. Also many sites show
 ads in Finnish. This is not great for anonymity, especially for small
 countries and languages only spoken by relatively small population, like
 fi-FI.

 I think this issue is quite severe due to few aspects related to Android:

 - It is very common to use the local language in Android devices (probably
 more so than with desktop OSes - computer savvy Finns tend to use English
 Windows/Linux)
 - The browser itself is not localized, so the user probably is not aware
 of the fact that it sends the real accept-language header. I used to think
 that the ads were just a coincident and maybe I just happened to be on a
 circuit leading to a exit node in Finland.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30925>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs