Opened 5 years ago

Last modified 2 years ago

#12995 new defect

default font seems seems to leak system locale information

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-locale
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I recently changed the default system locale on my GNU Linux system, and I noticed that afterwards the default font used on web pages in Tor Browser had changed (I didn't change the version/language of Tor Browser).

I suppose that this means that an attacker can guess a user's locale based on the font used to display a page.

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by gk

Cc: gk added
Keywords: tbb-fingerprinting added

comment:2 Changed 5 years ago by gacar

This could be related to #5926. Hopefully, arthuredelstein's locale spoofing patch may fix this issue as well.

A relevant bug and discussion at Mozilla side:
https://bugzilla.mozilla.org/show_bug.cgi?id=1010535#c7

comment:3 Changed 5 years ago by mikeperry

Keywords: tbb-fingerprinting-locale added; tbb-fingerprinting removed

comment:4 Changed 2 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.