Opened 18 months ago

Last modified 17 months ago

#30427 new defect

Tor Browser locale can be detected with FTP

Reported by: gk
Owned by: tbb-team
Priority: High
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-fingerprinting-locale
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


xiaoyinl reported on HackerOne that the Tor Browser locale can be detected with FTP:

If a visitor navigates to a directory on an FTP server, Tor Browser shows a page displaying the directory tree. However, the source code of this page is generated by Tor Browser, rather than the server, because an FTP server only sends file info and the browser displays it in a nice format. Moreover, the FTP directory page is localized, even if the user has chosen not to reveal his/her UI language, i.e. privacy.spoof_english == 2.

Change History (1)

comment:1 Changed 17 months ago by gk

Keywords: tbb-fingerprinting-locale added; tbb-fingerprinting removed

Add a more specific locale fingerprinting keyword.
