Opened 8 years ago

Closed 8 years ago

#5056 closed defect (duplicate)

User Agent bug related to update to Firefox 10

Reported by: cypherpunks Owned by: mikeperry
Priority: High Milestone:
Component: Firefox Patch Issues Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Firefox 10 no longer sends HTTP_ACCEPT_CHARSET header.

Tor Browser Bundle tor-browser-2.2.35-5_en-US.exe behaves in the same way, not sending this header, however its User Agent is the same as Firefox 5, which did send the HTTP_ACCEPT_CHARSET header.

This makes it much easier for websites to identify Tor users, and can also cause some confusion for browser sniffing and web statistics, thus possibly denying access for Tor users.

Easy resolution is to update the Tor Browser Bundle User Agent to the same one as Firefox 10. Based on the upgrade curve of new Firefox versions, majority of Firefox users will be running Firefox 10 very soon.

Child Tickets

Change History (3)

comment:1 in reply to:  description ; Changed 8 years ago by arma

Replying to cypherpunks:

Easy resolution is to update the Tor Browser Bundle User Agent to the same one as Firefox 10. Based on the upgrade curve of new Firefox versions, majority of Firefox users will be running Firefox 10 very soon.

Should Torbutton in TBB stop messing with your user agent? It does more harm than good right now. Or should it learn to regexp the Firefox user agent so we can claim we're always on Windows but using whichever version of Firefox it is? Right now we need a new Torbutton release for every new Firefox release, just to update the user-agent that it sets.

Unless this is already configurable in Torbutton, in which case it should be another step in the TBB build process?

comment:2 in reply to:  1 Changed 8 years ago by cypherpunks

Priority: normalmajor

Replying to arma:

Should Torbutton in TBB stop messing with your user agent? It does more harm than good right now. Or should it learn to regexp the Firefox user agent so we can claim we're always on Windows but using whichever version of Firefox it is?

Not Original Poster here.

I see the browser user agent purpose is twofold.

1) To make all Tor users look identical to each other.
2) To maintain compatibility with the rest of the Firefox users and the general web.

Requirement of (1) is that whatever the user agent is, it must be the same for all TBB users. This also implies that the user agent can be anything we want, as long as it is the same for everyone, bearing in mind (2) it does not break things (such as the http charset header now).

Keeping points (1) & (2) in mind, Torbutton should always keep the default Firefox User Agent, since adoption rate of new Firefoxes is rapid enough. However, it should always report the same WINDOWS version of Firefox (and the same version of windows) to maintain both compatibility and non-uniqueness of the users. This means that some regexp will be necessary.

As an afterthought, something that could be possibly very cool, would be if the Torbutton could select a user agent at random, with the probability of each user agent being the same as the proportions on the web - and change this user agent with every New Identity or every webpage. This means that for example 30% of the time it will report itself as firefox 9 running on winxp, 20% of the time as windows 7 internet explorer, and so on. I do not know whether this is a safe thing to do, from both the perspective of anonymity and not breaking the web.

comment:3 Changed 8 years ago by mikeperry

Resolution: duplicate
Status: newclosed

Dup of #3845.

Patches welcome for any other cool ideas.

Also, consider exit nodes are public, archived, and queriable. We don't try to hide Tor users right now.

Note: See TracTickets for help on using tickets.