Pier Angelo Vendrame pushed to branch tor-browser-128.6.0esr-14.5-1 at The Tor Project / Applications / Tor Browser
Commits:
-
31235564
by Pier Angelo Vendrame at 2025-01-27T14:33:37+01:00
-
ee81cb96
by Pier Angelo Vendrame at 2025-01-27T15:05:09+01:00
6 changed files:
- browser/components/resistfingerprinting/test/browser/browser_navigator.js
- browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js
- dom/base/Navigator.cpp
- netwerk/protocol/http/nsHttpHandler.cpp
- toolkit/components/resistfingerprinting/nsRFPService.cpp
- toolkit/components/resistfingerprinting/nsRFPService.h
Changes:
| ... | ... | @@ -107,20 +107,13 @@ const DEFAULT_UA_OS = { |
| 107 | 107 | other: `X11; Linux ${defaultLinuxCpu}`,
|
| 108 | 108 | };
|
| 109 | 109 | |
| 110 | -const SPOOFED_UA_NAVIGATOR_OS = {
|
|
| 110 | +const SPOOFED_UA_OS = {
|
|
| 111 | 111 | linux: "X11; Linux x86_64",
|
| 112 | 112 | win: "Windows NT 10.0; Win64; x64",
|
| 113 | 113 | macosx: "Macintosh; Intel Mac OS X 10.15",
|
| 114 | 114 | android: "Android 10; Mobile",
|
| 115 | 115 | other: "X11; Linux x86_64",
|
| 116 | 116 | };
|
| 117 | -const SPOOFED_UA_HTTPHEADER_OS = {
|
|
| 118 | - linux: "Windows NT 10.0; Win64; x64",
|
|
| 119 | - win: "Windows NT 10.0; Win64; x64",
|
|
| 120 | - macosx: "Windows NT 10.0; Win64; x64",
|
|
| 121 | - android: "Android 10; Mobile",
|
|
| 122 | - other: "Windows NT 10.0; Win64; x64",
|
|
| 123 | -};
|
|
| 124 | 117 | const SPOOFED_HW_CONCURRENCY = 2;
|
| 125 | 118 | |
| 126 | 119 | const CONST_APPCODENAME = "Mozilla";
|
| ... | ... | @@ -169,7 +162,7 @@ async function testUserAgentHeader() { |
| 169 | 162 | |
| 170 | 163 | is(
|
| 171 | 164 | result,
|
| 172 | - expectedResults.userAgentHeader,
|
|
| 165 | + expectedResults.userAgent,
|
|
| 173 | 166 | `Checking ${expectedResults.testDesc} User Agent HTTP Header.`
|
| 174 | 167 | );
|
| 175 | 168 | |
| ... | ... | @@ -203,7 +196,7 @@ async function testNavigator() { |
| 203 | 196 | );
|
| 204 | 197 | is(
|
| 205 | 198 | result.userAgent,
|
| 206 | - expectedResults.userAgentNavigator,
|
|
| 199 | + expectedResults.userAgent,
|
|
| 207 | 200 | `Checking ${testDesc} navigator.userAgent.`
|
| 208 | 201 | );
|
| 209 | 202 | is(
|
| ... | ... | @@ -308,7 +301,7 @@ async function testWorkerNavigator() { |
| 308 | 301 | );
|
| 309 | 302 | is(
|
| 310 | 303 | result.userAgent,
|
| 311 | - expectedResults.userAgentNavigator,
|
|
| 304 | + expectedResults.userAgent,
|
|
| 312 | 305 | `Checking ${testDesc} worker navigator.userAgent.`
|
| 313 | 306 | );
|
| 314 | 307 | is(
|
| ... | ... | @@ -364,8 +357,7 @@ add_task(async function setupDefaultUserAgent() { |
| 364 | 357 | oscpu: DEFAULT_OSCPU[AppConstants.platform],
|
| 365 | 358 | platform: DEFAULT_PLATFORM[AppConstants.platform],
|
| 366 | 359 | pluginsLength: 5,
|
| 367 | - userAgentNavigator: defaultUserAgent,
|
|
| 368 | - userAgentHeader: defaultUserAgent,
|
|
| 360 | + userAgent: defaultUserAgent,
|
|
| 369 | 361 | };
|
| 370 | 362 | |
| 371 | 363 | await testNavigator();
|
| ... | ... | @@ -397,8 +389,7 @@ add_task(async function setupRFPExemptions() { |
| 397 | 389 | oscpu: DEFAULT_OSCPU[AppConstants.platform],
|
| 398 | 390 | platform: DEFAULT_PLATFORM[AppConstants.platform],
|
| 399 | 391 | pluginsLength: 5,
|
| 400 | - userAgentNavigator: defaultUserAgent,
|
|
| 401 | - userAgentHeader: defaultUserAgent,
|
|
| 392 | + userAgent: defaultUserAgent,
|
|
| 402 | 393 | };
|
| 403 | 394 | |
| 404 | 395 | await testNavigator();
|
| ... | ... | @@ -447,8 +438,7 @@ add_task(async function setupETPToggleExemptions() { |
| 447 | 438 | oscpu: DEFAULT_OSCPU[AppConstants.platform],
|
| 448 | 439 | platform: DEFAULT_PLATFORM[AppConstants.platform],
|
| 449 | 440 | pluginsLength: 5,
|
| 450 | - userAgentNavigator: defaultUserAgent,
|
|
| 451 | - userAgentHeader: defaultUserAgent,
|
|
| 441 | + userAgent: defaultUserAgent,
|
|
| 452 | 442 | };
|
| 453 | 443 | |
| 454 | 444 | await testNavigator();
|
| ... | ... | @@ -482,12 +472,8 @@ add_task(async function setupResistFingerprinting() { |
| 482 | 472 | |
| 483 | 473 | let spoofedGeckoTrail = SPOOFED_UA_GECKO_TRAIL[AppConstants.platform];
|
| 484 | 474 | |
| 485 | - let spoofedUserAgentNavigator = `Mozilla/5.0 (${
|
|
| 486 | - SPOOFED_UA_NAVIGATOR_OS[AppConstants.platform]
|
|
| 487 | - }; rv:${appVersion}.0) Gecko/${spoofedGeckoTrail} Firefox/${appVersion}.0`;
|
|
| 488 | - |
|
| 489 | - let spoofedUserAgentHeader = `Mozilla/5.0 (${
|
|
| 490 | - SPOOFED_UA_HTTPHEADER_OS[AppConstants.platform]
|
|
| 475 | + let spoofedUserAgent = `Mozilla/5.0 (${
|
|
| 476 | + SPOOFED_UA_OS[AppConstants.platform]
|
|
| 491 | 477 | }; rv:${appVersion}.0) Gecko/${spoofedGeckoTrail} Firefox/${appVersion}.0`;
|
| 492 | 478 | |
| 493 | 479 | expectedResults = {
|
| ... | ... | @@ -498,8 +484,7 @@ add_task(async function setupResistFingerprinting() { |
| 498 | 484 | oscpu: SPOOFED_OSCPU[AppConstants.platform],
|
| 499 | 485 | platform: SPOOFED_PLATFORM[AppConstants.platform],
|
| 500 | 486 | pluginsLength: 5,
|
| 501 | - userAgentNavigator: spoofedUserAgentNavigator,
|
|
| 502 | - userAgentHeader: spoofedUserAgentHeader,
|
|
| 487 | + userAgent: spoofedUserAgent,
|
|
| 503 | 488 | };
|
| 504 | 489 | |
| 505 | 490 | await testNavigator();
|
| ... | ... | @@ -122,20 +122,13 @@ const DEFAULT_UA_OS = { |
| 122 | 122 | other: `X11; Linux ${defaultLinuxCpu}`,
|
| 123 | 123 | };
|
| 124 | 124 | |
| 125 | -const SPOOFED_UA_NAVIGATOR_OS = {
|
|
| 125 | +const SPOOFED_UA_OS = {
|
|
| 126 | 126 | linux: "X11; Linux x86_64",
|
| 127 | 127 | win: "Windows NT 10.0; Win64; x64",
|
| 128 | 128 | macosx: "Macintosh; Intel Mac OS X 10.15",
|
| 129 | 129 | android: "Android 10; Mobile",
|
| 130 | 130 | other: "X11; Linux x86_64",
|
| 131 | 131 | };
|
| 132 | -const SPOOFED_UA_HTTPHEADER_OS = {
|
|
| 133 | - linux: "Windows NT 10.0; Win64; x64",
|
|
| 134 | - win: "Windows NT 10.0; Win64; x64",
|
|
| 135 | - macosx: "Windows NT 10.0; Win64; x64",
|
|
| 136 | - android: "Android 10; Mobile",
|
|
| 137 | - other: "Windows NT 10.0; Win64; x64",
|
|
| 138 | -};
|
|
| 139 | 132 | const SPOOFED_HW_CONCURRENCY = 2;
|
| 140 | 133 | |
| 141 | 134 | const CONST_APPCODENAME = "Mozilla";
|
| ... | ... | @@ -186,12 +179,12 @@ async function testNavigator(result, expectedResults, extraData) { |
| 186 | 179 | );
|
| 187 | 180 | is(
|
| 188 | 181 | result.userAgent,
|
| 189 | - expectedResults.userAgentNavigator,
|
|
| 182 | + expectedResults.userAgent,
|
|
| 190 | 183 | `Checking ${testDesc} navigator.userAgent.`
|
| 191 | 184 | );
|
| 192 | 185 | is(
|
| 193 | 186 | result.userAgentHTTPHeader,
|
| 194 | - expectedResults.userAgentHTTPHeader,
|
|
| 187 | + expectedResults.userAgent,
|
|
| 195 | 188 | `Checking ${testDesc} userAgentHTTPHeader.`
|
| 196 | 189 | );
|
| 197 | 190 | is(
|
| ... | ... | @@ -268,7 +261,7 @@ async function testNavigator(result, expectedResults, extraData) { |
| 268 | 261 | );
|
| 269 | 262 | is(
|
| 270 | 263 | result.worker_userAgent,
|
| 271 | - expectedResults.userAgentNavigator,
|
|
| 264 | + expectedResults.userAgent,
|
|
| 272 | 265 | `Checking ${testDesc} worker navigator.userAgent.`
|
| 273 | 266 | );
|
| 274 | 267 | is(
|
| ... | ... | @@ -295,8 +288,7 @@ async function testNavigator(result, expectedResults, extraData) { |
| 295 | 288 | }
|
| 296 | 289 | |
| 297 | 290 | let defaultUserAgent;
|
| 298 | -let spoofedUserAgentNavigator;
|
|
| 299 | -let spoofedUserAgentHeader;
|
|
| 291 | +let spoofedUserAgent;
|
|
| 300 | 292 | let allNotSpoofed;
|
| 301 | 293 | let allSpoofed;
|
| 302 | 294 | |
| ... | ... | @@ -308,14 +300,8 @@ add_setup(async () => { |
| 308 | 300 | DEFAULT_UA_GECKO_TRAIL[AppConstants.platform]
|
| 309 | 301 | } Firefox/${appVersion}.0`;
|
| 310 | 302 | |
| 311 | - spoofedUserAgentNavigator = `Mozilla/5.0 (${
|
|
| 312 | - SPOOFED_UA_NAVIGATOR_OS[AppConstants.platform]
|
|
| 313 | - }; rv:${appVersion}.0) Gecko/${
|
|
| 314 | - SPOOFED_UA_GECKO_TRAIL[AppConstants.platform]
|
|
| 315 | - } Firefox/${appVersion}.0`;
|
|
| 316 | - |
|
| 317 | - spoofedUserAgentHeader = `Mozilla/5.0 (${
|
|
| 318 | - SPOOFED_UA_HTTPHEADER_OS[AppConstants.platform]
|
|
| 303 | + spoofedUserAgent = `Mozilla/5.0 (${
|
|
| 304 | + SPOOFED_UA_OS[AppConstants.platform]
|
|
| 319 | 305 | }; rv:${appVersion}.0) Gecko/${
|
| 320 | 306 | SPOOFED_UA_GECKO_TRAIL[AppConstants.platform]
|
| 321 | 307 | } Firefox/${appVersion}.0`;
|
| ... | ... | @@ -331,8 +317,7 @@ add_setup(async () => { |
| 331 | 317 | oscpu: DEFAULT_OSCPU[AppConstants.platform],
|
| 332 | 318 | platform: DEFAULT_PLATFORM[AppConstants.platform],
|
| 333 | 319 | pluginsLength: 5,
|
| 334 | - userAgentNavigator: defaultUserAgent,
|
|
| 335 | - userAgentHTTPHeader: defaultUserAgent,
|
|
| 320 | + userAgent: defaultUserAgent,
|
|
| 336 | 321 | framer_crossOrigin_userAgentHTTPHeader: defaultUserAgent,
|
| 337 | 322 | framee_crossOrigin_userAgentHTTPHeader: defaultUserAgent,
|
| 338 | 323 | };
|
| ... | ... | @@ -343,10 +328,9 @@ add_setup(async () => { |
| 343 | 328 | oscpu: SPOOFED_OSCPU[AppConstants.platform],
|
| 344 | 329 | platform: SPOOFED_PLATFORM[AppConstants.platform],
|
| 345 | 330 | pluginsLength: 5,
|
| 346 | - userAgentNavigator: spoofedUserAgentNavigator,
|
|
| 347 | - userAgentHTTPHeader: spoofedUserAgentHeader,
|
|
| 348 | - framer_crossOrigin_userAgentHTTPHeader: spoofedUserAgentHeader,
|
|
| 349 | - framee_crossOrigin_userAgentHTTPHeader: spoofedUserAgentHeader,
|
|
| 331 | + userAgent: spoofedUserAgent,
|
|
| 332 | + framer_crossOrigin_userAgentHTTPHeader: spoofedUserAgent,
|
|
| 333 | + framee_crossOrigin_userAgentHTTPHeader: spoofedUserAgent,
|
|
| 350 | 334 | };
|
| 351 | 335 | });
|
| 352 | 336 | |
| ... | ... | @@ -385,8 +369,7 @@ add_task(async () => { |
| 385 | 369 | add_task(async () => {
|
| 386 | 370 | expectedResults = structuredClone(allSpoofed);
|
| 387 | 371 | expectedResults.framer_crossOrigin_userAgentHTTPHeader = defaultUserAgent;
|
| 388 | - expectedResults.framee_crossOrigin_userAgentHTTPHeader =
|
|
| 389 | - spoofedUserAgentHeader;
|
|
| 372 | + expectedResults.framee_crossOrigin_userAgentHTTPHeader = spoofedUserAgent;
|
|
| 390 | 373 | await testC(uri, testNavigator, expectedResults);
|
| 391 | 374 | });
|
| 392 | 375 | |
| ... | ... | @@ -394,8 +377,7 @@ add_task(async () => { |
| 394 | 377 | add_task(async () => {
|
| 395 | 378 | expectedResults = structuredClone(allSpoofed);
|
| 396 | 379 | expectedResults.framer_crossOrigin_userAgentHTTPHeader = defaultUserAgent;
|
| 397 | - expectedResults.framee_crossOrigin_userAgentHTTPHeader =
|
|
| 398 | - spoofedUserAgentHeader;
|
|
| 380 | + expectedResults.framee_crossOrigin_userAgentHTTPHeader = spoofedUserAgent;
|
|
| 399 | 381 | await testD(uri, testNavigator, expectedResults);
|
| 400 | 382 | });
|
| 401 | 383 |
| ... | ... | @@ -2118,7 +2118,7 @@ nsresult Navigator::GetUserAgent(nsPIDOMWindowInner* aWindow, |
| 2118 | 2118 | // specific OS version, etc.
|
| 2119 | 2119 | if (shouldResistFingerprinting) {
|
| 2120 | 2120 | nsAutoCString spoofedUA;
|
| 2121 | - nsRFPService::GetSpoofedUserAgent(spoofedUA, false);
|
|
| 2121 | + nsRFPService::GetSpoofedUserAgent(spoofedUA);
|
|
| 2122 | 2122 | CopyASCIItoUTF16(spoofedUA, aUserAgent);
|
| 2123 | 2123 | return NS_OK;
|
| 2124 | 2124 | }
|
| ... | ... | @@ -409,7 +409,7 @@ nsresult nsHttpHandler::Init() { |
| 409 | 409 | mMisc.AssignLiteral("rv:" MOZILLA_UAVERSION);
|
| 410 | 410 | |
| 411 | 411 | // Generate the spoofed User Agent for fingerprinting resistance.
|
| 412 | - nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true);
|
|
| 412 | + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent);
|
|
| 413 | 413 | |
| 414 | 414 | mSessionStartTime = NowInSeconds();
|
| 415 | 415 | mHandlerActive = true;
|
| ... | ... | @@ -482,9 +482,6 @@ nsresult nsHttpHandler::Init() { |
| 482 | 482 | // obsService->AddObserver(this, "net:failed-to-process-uri-content", true);
|
| 483 | 483 | }
|
| 484 | 484 | |
| 485 | - Preferences::AddWeakObserver(
|
|
| 486 | - this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
|
|
| 487 | - |
|
| 488 | 485 | MakeNewRequestTokenBucket();
|
| 489 | 486 | mWifiTickler = new Tickler();
|
| 490 | 487 | if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr;
|
| ... | ... | @@ -2143,9 +2140,6 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, |
| 2143 | 2140 | // Inform nsIOService that network is tearing down.
|
| 2144 | 2141 | gIOService->SetHttpHandlerAlreadyShutingDown();
|
| 2145 | 2142 | |
| 2146 | - Preferences::RemoveObserver(
|
|
| 2147 | - this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
|
|
| 2148 | - |
|
| 2149 | 2143 | ShutdownConnectionManager();
|
| 2150 | 2144 | |
| 2151 | 2145 | // need to reset the session start time since cache validation may
|
| ... | ... | @@ -2268,11 +2262,6 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, |
| 2268 | 2262 | ShutdownConnectionManager();
|
| 2269 | 2263 | mConnMgr = nullptr;
|
| 2270 | 2264 | Unused << InitConnectionMgr();
|
| 2271 | - } else if (!strcmp(topic, "nsPref:changed") &&
|
|
| 2272 | - !NS_strcmp(
|
|
| 2273 | - data,
|
|
| 2274 | - u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) {
|
|
| 2275 | - nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true);
|
|
| 2276 | 2265 | }
|
| 2277 | 2266 | |
| 2278 | 2267 | return NS_OK;
|
| ... | ... | @@ -895,8 +895,7 @@ uint32_t nsRFPService::GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, |
| 895 | 895 | // User-Agent/Version Stuff
|
| 896 | 896 | |
| 897 | 897 | /* static */
|
| 898 | -void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent,
|
|
| 899 | - bool isForHTTPHeader) {
|
|
| 898 | +void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent) {
|
|
| 900 | 899 | // This function generates the spoofed value of User Agent.
|
| 901 | 900 | // We spoof the values of the platform and Firefox version, which could be
|
| 902 | 901 | // used as fingerprinting sources to identify individuals.
|
| ... | ... | @@ -904,38 +903,22 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, |
| 904 | 903 | // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
|
| 905 | 904 | // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
|
| 906 | 905 | |
| 907 | - const bool spoofOs =
|
|
| 908 | - isForHTTPHeader &&
|
|
| 909 | - Preferences::GetBool(
|
|
| 910 | - "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true);
|
|
| 911 | - |
|
| 912 | 906 | // These magic numbers are the lengths of the UA string literals below.
|
| 913 | 907 | // Assume three-digit Firefox version numbers so we have room to grow.
|
| 914 | 908 | size_t preallocatedLength =
|
| 915 | - 13 +
|
|
| 916 | - (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
|
|
| 917 | - : mozilla::ArrayLength(SPOOFED_UA_OS)) -
|
|
| 918 | - 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 +
|
|
| 919 | - 2;
|
|
| 909 | + 13 + mozilla::ArrayLength(SPOOFED_UA_OS) - 1 + 5 + 3 + 10 +
|
|
| 910 | + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 + 2;
|
|
| 920 | 911 | userAgent.SetCapacity(preallocatedLength);
|
| 921 | 912 | |
| 922 | 913 | // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0"
|
| 923 | 914 | userAgent.AssignLiteral("Mozilla/5.0 (");
|
| 924 | - |
|
| 925 | - if (spoofOs) {
|
|
| 926 | - userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS);
|
|
| 927 | - } else {
|
|
| 928 | - userAgent.AppendLiteral(SPOOFED_UA_OS);
|
|
| 929 | - }
|
|
| 930 | - |
|
| 915 | + userAgent.AppendLiteral(SPOOFED_UA_OS);
|
|
| 931 | 916 | userAgent.AppendLiteral("; rv:" MOZILLA_UAVERSION ") Gecko/");
|
| 932 | - |
|
| 933 | 917 | #if defined(ANDROID)
|
| 934 | 918 | userAgent.AppendLiteral(MOZILLA_UAVERSION);
|
| 935 | 919 | #else
|
| 936 | 920 | userAgent.AppendLiteral(LEGACY_UA_GECKO_TRAIL);
|
| 937 | 921 | #endif
|
| 938 | - |
|
| 939 | 922 | userAgent.AppendLiteral(" Firefox/" MOZILLA_UAVERSION);
|
| 940 | 923 | |
| 941 | 924 | MOZ_ASSERT(userAgent.Length() <= preallocatedLength);
|
| ... | ... | @@ -59,14 +59,6 @@ |
| 59 | 59 | |
| 60 | 60 | #define SPOOFED_POINTER_INTERFACE MouseEvent_Binding::MOZ_SOURCE_MOUSE
|
| 61 | 61 | |
| 62 | -// For the HTTP User-Agent header, we use a simpler set of spoofed values
|
|
| 63 | -// that do not reveal the specific desktop platform.
|
|
| 64 | -#if defined(MOZ_WIDGET_ANDROID)
|
|
| 65 | -# define SPOOFED_HTTP_UA_OS "Android 10; Mobile"
|
|
| 66 | -#else
|
|
| 67 | -# define SPOOFED_HTTP_UA_OS "Windows NT 10.0; Win64; x64"
|
|
| 68 | -#endif
|
|
| 69 | - |
|
| 70 | 62 | struct JSContext;
|
| 71 | 63 | |
| 72 | 64 | class nsIChannel;
|
| ... | ... | @@ -267,7 +259,7 @@ class nsRFPService final : public nsIObserver, public nsIRFPService { |
| 267 | 259 | // --------------------------------------------------------------------------
|
| 268 | 260 | |
| 269 | 261 | // This method generates the spoofed value of User Agent.
|
| 270 | - static void GetSpoofedUserAgent(nsACString& userAgent, bool isForHTTPHeader);
|
|
| 262 | + static void GetSpoofedUserAgent(nsACString& userAgent);
|
|
| 271 | 263 | |
| 272 | 264 | // --------------------------------------------------------------------------
|
| 273 | 265 |