Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#31985 closed defect (fixed)

Check that Intl.RelativeTimeFormat does no leak the user agent locale

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: ff68-esr, tbb-fingerprinting-locale, TorBrowserTeam201910
Cc: Actual Points: 0.25
Parent ID: Points: 0.1
Reviewer: Sponsor:

Description is shipping the new Intl.RelativeTimeFormat interface. has some more information about this feature which appeared live in Firefox 65

Child Tickets

Change History (2)

comment:1 Changed 13 months ago by gk

Actual Points: 0.25
Resolution: fixed
Status: newclosed

The feature got actually implemented in

We should be good here due to the work that landed in, where the locale of the JS runtime can be spoofed in a way that always en-US is given back if resist fingerprinting is enabled.

I double-checked that on Linux by modifying the MDN example a bit, so that the code falls back to the default locale:

var rtf1 = new Intl.RelativeTimeFormat({ style: 'narrow' });

gives me a localized value if I don't have spoofing enabled but correctly give en-US values back otherwise.

A cursory code inspection showed as well that the locale of the JS context is queried ( which points to the JS runtime (, which in turn gets the proper default locale in

So we are good here.

comment:2 Changed 13 months ago by gk

Keywords: ff68-esr added
Note: See TracTickets for help on using tickets.