Opened 2 years ago

Closed 2 years ago

#21608 closed defect (fixed)

Investigate `DateTimeFormat.formatToParts` for fingerprintability issues

Reported by: gk Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff52-esr, tbb-7.0-must-alpha, tbb-fingerprinting, TorBrowserTeam201705R
Cc: mcs, brade, arthuredelstein Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor4

Description

From #19048:

We should verify that timezone and/or locale not leaked to web content by new API.
https://bugzilla.mozilla.org/show_bug.cgi?id=1289340
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DateTimeFormat/formatToParts

Child Tickets

Change History (9)

comment:1 Changed 2 years ago by gk

Keywords: tbb-7.0-must added

Adding tickets to our 7.0 ticket list

comment:2 Changed 2 years ago by gk

Keywords: tbb-7.0-must-alpha added; tbb-7.0-must removed

Getting more tickets on our alpha radar.

comment:3 Changed 2 years ago by gk

Priority: MediumHigh

Moving the investigation tickets to higher priority.

comment:4 Changed 2 years ago by arthuredelstein

Cc: arthuredelstein added

comment:5 Changed 2 years ago by arthuredelstein

Keywords: tbb-fingerprinting added

comment:6 Changed 2 years ago by arthuredelstein

Keywords: TorBrowserTeam201705R added
Status: newneeds_review

I ran the following manual test in TBB 7.0a3:

var date = Date.UTC(2012, 11, 17, 3, 0, 42);

var formatter = new Intl.DateTimeFormat(undefined, {
  weekday: 'long',
  year: 'numeric',
  month: 'numeric',
  day: 'numeric',
  hour: 'numeric',
  minute: 'numeric',
  second: 'numeric',
  hour12: true,
  timeZone: 'UTC'
});

console.log(formatter.resolvedOptions().locale);
console.log(formatter.format(date));
console.log(JSON.stringify(formatter.formatToParts(date)));

The result for javascript.use_us_english_locale = true was:

en-US 
Monday, 12/17/2012, 3:00:42 AM 
[{"type":"weekday","value":"Monday"},{"type":"literal","value":", "},{"type":"month","value":"12"},{"type":"literal","value":"/"},{"type":"day","value":"17"},{"type":"literal","value":"/"},{"type":"year","value":"2012"},{"type":"literal","value":", "},{"type":"hour","value":"3"},{"type":"literal","value":":"},{"type":"minute","value":"00"},{"type":"literal","value":":"},{"type":"second","value":"42"},{"type":"literal","value":" "},{"type":"dayPeriod","value":"AM"}]

The result for javascript.use_us_english_locale = false was:

de-DE 
Montag, 17.12.2012, 3:00:42 vorm. 
[{"type":"weekday","value":"Montag"},{"type":"literal","value":", "},{"type":"day","value":"17"},{"type":"literal","value":"."},{"type":"month","value":"12"},{"type":"literal","value":"."},{"type":"year","value":"2012"},{"type":"literal","value":", "},{"type":"hour","value":"3"},{"type":"literal","value":":"},{"type":"minute","value":"00"},{"type":"literal","value":":"},{"type":"second","value":"42"},{"type":"literal","value":" "},{"type":"dayPeriod","value":"vorm."}]

so the default pref setting we already have in TBB (javascript.use_use_english_locale = true) is enough and no patch is needed here (please review).

It will be good to include a regression test for this. I opened #22125 for the task of creating regression tests for all APIs affected by this pref.

Last edited 2 years ago by arthuredelstein (previous) (diff)

comment:7 Changed 2 years ago by cypherpunks

Pref is javascript.use_us_english_locale ;)
Also we need something international as UTC, but not us_english for american idiots only, like 12/17/2012 instead of dd.mm.yyyy or even yyyy.mm.dd, 3:00:42 PM instead of 15:00:42, and so on. System SI has all we need.

comment:8 in reply to:  7 Changed 2 years ago by arthuredelstein

Replying to cypherpunks:

Pref is javascript.use_us_english_locale ;)

Oops; fixed the typo, thanks.

Also we need something international as UTC, but not us_english for american idiots only, like 12/17/2012 instead of dd.mm.yyyy or even yyyy.mm.dd, 3:00:42 PM instead of 15:00:42, and so on. System SI has all we need.

This American idiot agrees with you. I opened #22130.

comment:9 Changed 2 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good to me. Thanks for opening #22125. Having such a test would be pretty valuable.

Note: See TracTickets for help on using tickets.