[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 10 Sep 2018 06:40:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 10 Sep 2018 02:41:02 -0400
In-reply-to: <042.b334da9882150662563a60c10e30b137@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.b334da9882150662563a60c10e30b137@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
---------------------------------------------+--------------------------
 Reporter:  gk                               |          Owner:  tbb-team
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:25 temp123]:
 > Replying to [comment:23 gk]:
 > > The slider is for adjusting the *security* against *browser
 exploitation*.
 >
 > https://tb-manual.torproject.org/en-US/security-slider.html
 >
 > > Tor Browser includes a “Security Slider” that lets you increase your
 security by disabling certain web features that can be used to attack your
 security **and anonymity**.

 Yes, security breaches may easily affect your anonymity (Tor's protections
 can bypassed that way) which is why both concepts are used in the same
 sentence. It has nothing to do with fingerprinting resistance here. If you
 feel that's not clear enough please file a ticket at this bug tracker so
 we can clarify our manual.

 > It would make sense to leave general.useragent.override as is and set
 privacy.resistFingerprinting to false when the security slider is moved to
 "Safest".
 >
 > Reasoning:
 > - A user-agent which differs from general.useragent.override is an
 anonymity issue
 > - Javascript is disabled when security slider is moved to "Safest"
 > - privacy.resistFingerprinting deals with privacy issues which are
 relevant only when javascript is enabled

 `privacy.resistFingerprinting` deals with way more than the user agent but
 more importantly even if you have JavaScript disabled then you are *not*
 safe against fingerprinting risks. That ship has sailed long ago as the
 web has gotten more powerful over the years.

 > This would give those who want to trade a bit of anonymity and security
 for a better browsing experience the option while not affecting those who
 want the highest/safest level of anonymity and security.

 I think you are misunderstanding something here: Tor Browser's privacy
 guarantees hold for everyone. It's the security side that some of our
 users need/want to adjust to their specific needs.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26146#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing
Next by Author: Re: [tor-bugs] #27402 [Core Tor/Tor]: stop reporting "internal paths" during bootstrap
Previous by thread: Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing
Next by thread: Re: [tor-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing
Index(es):
- Author
- Thread