[tbb-bugs] #30605 [Applications/Tor Browser]: accept-language header leaks browser localization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 24 16:52:47 UTC 2019
#30605: accept-language header leaks browser localization
--------------------------------------+--------------------------
Reporter: sysrqb | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by acat):
I think what happens in desktop (with lang other than en-US) is that on
first navigation there is the prompt asking whether to spoof to english,
if the user accepts then it sets the `privacy.spoof_english = 2` pref.
Then, the pref listener in
`toolkit/components/resistfingerprinting/RFPHelper.jsm` sets the
`intl.accept_languages = en-US,en`. In Android I don't see
`privacy.spoof_english` is not set, and then even if set manually to 2,
`intl.accept_languages` is not changed. I wonder what is failing here...
Changing `intl.accept_languages = en-US,en` manually works, and then the
`accept-language` header is spoofed correctly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30605#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list