Skip to content
Snippets Groups Projects
New look
Closed (moved) at startup, browser gleans user FULL NAME (real name, given name) from O/S
  • View options

    • at startup, browser gleans user FULL NAME (real name, given name) from O/S

  • View options
    • Closed (moved) Issue created by Trac

    (Reporting against Tor Browser 3.6.6, but this is a longstanding issue which affects all versions of the browser.)

    At each startup, code within nsUserInfoWin.cpp (see also: nsUserInfoUnix.cpp, nsUserInfoOS2.cpp, nsUserInfoMac.mm) scrapes user's FULL NAME (real name, given name) from the operating system and retains this in memory, stored to a constant, throughout the browser session.

    Additionally, the browser scrapes user's windows login username (and windows domain) along with his/her email address (if present, filled in within user's windows user account details). These personal details are similarly stored by the browser throughout the life of each browsing session.

    This privacy-infringing behavior is unconditional — no user_pref is available to prevent it.

    In researching "How dare they?!?" I gathered that this behavior exists because Firefox shares a codebase with Thunderbird, and back in the day someone thought it would be "kewl" for a Thunderbird user to find that the system magically knows his/her details when setting up a new TB account...

    If challenged to prove/demonstrate where these details are ever "leaked" by the browser, I cannot. However, these personal details are accessible to any extension (or out-of-band Mozilla update) and therefore are subject to exfiltration.

    Trac:
    Username: zinc

    Linked items ... 0

    • Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading