[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing



#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os,     |  Actual Points:
  tbb-8.0-issues                                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by fufufu):

 As a Tor Browser user highly concerned with this change, I have two
 questions based on the dialogue I'm seeing on the comments section of the
 Tor blog about this subject:

 1. The biggest reason this change seems to be promoted by some
 (particularly gk) as "not a big deal anyway", even in the context of
 disabled Javascript where potential OS detection methods are minimized, is
 because your OS can apparently be detected anyway by what fonts you have
 (as Tor Browser ships with different fonts depending on the version it
 seems). My question is how the server communicates this information back
 to itself after detection without using Javascript. I can find no website,
 browser uniqueness analyzer, fingerprint analyzer, anonymity analyzer,
 Panopticlick-style test, etc. that can actually detect anything about my
 fonts with Javascript disabled in Tor Browser. I can only find a small
 reference in Whonix documentation to detecting fonts via "CSS
 introspection". Can gk or somebody else provide more information about how
 this works?

 2. If this is really all on behalf of fonts, is there a reason not to ship
 the same fonts with every version of Tor Browser on every platform?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26146#comment:37>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs