[tor-bugs] #20025 [Applications/Tor Browser]: document.characterSet enables fingerprinting of localization (only with HSTS?)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Aug 30 06:23:33 UTC 2016
#20025: document.characterSet enables fingerprinting of localization (only with HSTS?)
--------------------------------------+--------------------------
Reporter: dcf | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by dcf):

I checked and the same HSTS weirdness happens with stock Firefox 45.3.0.
To reproduce, go to Preferences → Content → Fonts & Colors → Advanced →
Text Encoding for Legacy Content, and select Korean. Then the HSTS demo
page https://people.torproject.org/~dcf/tor20025/check-charset.html will
show `EUC-KR` for document.characterSet. The non-HSTS demo page
https://people.eecs.berkeley.edu/~fifield/tor20025/check-charset.html
continues to show `windows-1252`.

Chromium 52.0.2743.116 doesn't appear to make a difference between HSTS
and non-HSTS. Go to Settings → Web content → Customize fonts → Encoding
and change to Korean. Both demo pages show `EUC-KR`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20025#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
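
The observations reported in the comment above can be turned into a small regression check. This is an added example, not code from the ticket or from Tor Browser. The names `BASELINE`, `OBSERVATIONS` and `classify` are hypothetical, and the baseline is assumed to be the `windows-1252` value that the non-HSTS page shows in the report.

```javascript
// Added example: classify document.characterSet readings from the HSTS and
// non-HSTS demo pages. A reading that differs from the baseline means the
// page can observe the user's legacy text-encoding preference.
const BASELINE = "windows-1252"; // assumption: the value a default profile reports

// Constructed from the values reported in the comment (Korean selected).
const OBSERVATIONS = [
  { browser: "Firefox 45.3.0", hsts: true, charset: "EUC-KR" },
  { browser: "Firefox 45.3.0", hsts: false, charset: "windows-1252" },
  { browser: "Chromium 52.0.2743.116", hsts: true, charset: "EUC-KR" },
  { browser: "Chromium 52.0.2743.116", hsts: false, charset: "EUC-KR" },
];

function classify(observations, baseline = BASELINE) {
  const base = baseline.trim().toLowerCase();
  const byBrowser = new Map();
  for (const o of observations) {
    const entry = byBrowser.get(o.browser) || {};
    // Encoding names compare case-insensitively, so normalize first.
    entry[o.hsts ? "hsts" : "plain"] = o.charset.trim().toLowerCase();
    byBrowser.set(o.browser, entry);
  }
  const report = {};
  for (const [browser, e] of byBrowser) {
    // Both pages must have been visited before the two can be compared.
    const complete = e.hsts !== undefined && e.plain !== undefined;
    report[browser] = {
      complete,
      leaksOnHsts: e.hsts !== undefined && e.hsts !== base,
      leaksOnPlain: e.plain !== undefined && e.plain !== base,
      // True when the reading changes with HSTS, as described for Firefox.
      hstsDependent: complete && e.hsts !== e.plain,
    };
  }
  return report;
}

console.log(JSON.stringify(classify(OBSERVATIONS), null, 2));
```

In a browser test, each observation would come from reading `document.characterSet` on the corresponding demo page; a fixed build should report no leak on either page.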