[tor-bugs] #30427 [Applications/Tor Browser]: Tor Bowser locale can be detected with FTP
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 7 11:54:05 UTC 2019
#30427: Tor Bowser locale can be detected with FTP
------------------------------------------+--------------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords: tbb-fingerprinting
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------------
xiaoyinl reported on HackerOne that the Tor Browser locale can be detected
with FTP:
{{{
If a visitor navigates to a directory on a FTP server, Tor Browser shows a
page displaying the directory tree. However, the source code of this page
is generated by Tor Browser, rather than the server, because an FTP server
only sends file info and the browser displays it in a nice format.
Moreover, the FTP directory page is localized, even if the user has chosen
not to reveal his/her UI language, i.e. privacy.spoof_english == 2.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30427>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list