Opened 10 years ago

Last modified 9 years ago

#1049 closed defect (Duplicate)

Some Firefox-Searchbar-Searchplugins are revealing the real "Accept Language" and the "real Browser"

Reported by: MrSpock Owned by:
Priority: High Milestone:
Component: Applications/Torbutton Version: Torbutton: 1.2.1
Severity: Keywords:
Cc: MrSpock Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Some Firefox-Searchbar-Searchplugins are revealing the real "Accept Language" and the real "User Agent":

For example if I search something within the Firefox-Searchbar with the Google-Searchplugin, e. g. the following address:
http://aruljohn.com/details.php (what is stupid, but it's a test !!)
then Firefox shows in its "awesome bar" the following resulting address:

http://www.google.de/search?q=http%3A%2F%2Faruljohn.com%2Fdetails.php&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:de:official&client=firefox-a

As you can see, at the end of this www-address theres stated "DE" (for German language)
and "firefox" (for the browser).

This means that

  1. Google always knows the real language and the real browser from the www-address - irrespective of what

the Torbutton settings for Accept Language and User Agent are !

  1. If I click on one of the displayed Google-results (within the above mentioned page www.google....) then

the clicked page will also receive the above stated page www.google.... as referrer and thus the real language
and the real browser - irrespective of what the Torbutton settings are !
(Test it: click on the first result on www.google.... - which is the page http://aruljohn.com/details.php itself,
and you will find under "referrer page" the above mentioned page www.google.... and the real AcceptLanguage and
the real UserAgent)

Solution:
a) ALL Searchplugins should be de-activated while using TOR a n d
b) the Referrer should be de-activatd in Torbutton BY DEFAULT (not just offered as an option)

PS:

  • I know that Torbutton itself shows "Firefox" as User Agent so it's

not a real disadvantage if the above mentioned page www.google.... does it too,
BUT the at least real language "DE" would be revealed, what shouldn't take place !!

  • I also know that searches via the "Google-Searchplugin" are often not accepted

by Google itself (for whatever reason) while using TOR - so that this problem will not arise
very often.

[Automatically added by flyspray2trac: Operating System: All]

Child Tickets

Change History (2)

comment:1 Changed 10 years ago by mikeperry

flyspray2trac: bug closed.
Moved this to bug 1304

comment:2 Changed 9 years ago by erinn

Version: 1.2.1Torbutton: 1.2.1

Updating the version from 1.2.1 to Torbutton: 1.2.1 so I can close #1743.

Note: See TracTickets for help on using tickets.