Opened 3 years ago

Closed 3 years ago

#24208 closed defect (not a bug)

Backport 1415488

Reported by: arthuredelstein Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, TorBrowserTeam201711
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Child Tickets

Change History (4)

comment:1 Changed 3 years ago by arthuredelstein

Summary: Backport 141548Backport 1415488

comment:2 Changed 3 years ago by gk

Status: newneeds_information

Are we affected by that bug? It's not clear to me from reading the ticket because we generally overwrite the user agent by setting preferences.

comment:3 Changed 3 years ago by cypherpunks

I do believe that ticket may not be filed correctly as it appears they are reporting a ua leak with a preview build of ff 57. Fwiw I tested win64/linux64 builds of ff 57. The linux build being 57.0+build4-0ubuntu0.16.04.5 from mozilla ppa as my distro did not provide the upgrade option. I could not reproduce the bug by fiddling with resistfingerprinting or http-proxy on ff 56/57.

For TBB I checked 7.0.9, and 7.0.10 and could not reproduce the bug by fiddling with resistfingerprinting or the ua override. Since TBB doesn't use http-proxy I did not test that configuration. It's still interesting to note Mozilla has had issues with resistfingerprinting overriding ua before through transitory interaction with other components like dom. It looks like *if* the ua override preference exists, it will currently have the final word, and fortunately TBB makes it's presence mandatory.

In other words resistfingerprinting cannot currently set/unset the ua at all in TBB, but that may only be because the ua override pref gets priority and cannot be removed accidently. To be safe you could patch resistfingerprinting such that if that priority ever gets confused it cannot set a ua.

Last edited 3 years ago by cypherpunks (previous) (diff)

comment:4 Changed 3 years ago by gk

Resolution: not a bug
Status: needs_informationclosed

I think we are good here, please reopen if not.

Note: See TracTickets for help on using tickets.