Pier Angelo Vendrame pushed to branch mullvad-browser-115.8.0esr-13.5-1 at The Tor Project / Applications / Mullvad Browser
Commits:
-
ed66bd0f
by Pier Angelo Vendrame at 2024-02-29T14:09:03+01:00
-
b9146e90
by Pier Angelo Vendrame at 2024-02-29T14:09:08+01:00
-
e473a103
by Pier Angelo Vendrame at 2024-02-29T14:09:08+01:00
3 changed files:
- browser/app/profile/000-mullvad-browser.js
- netwerk/protocol/http/nsHttpHandler.cpp
- toolkit/components/resistfingerprinting/nsRFPService.cpp
Changes:
... | ... | @@ -7,23 +7,23 @@ pref("browser.startup.homepage", "about:mullvad-browser"); |
7 | 7 | // a result.
|
8 | 8 | pref("browser.toolbars.bookmarks.visibility", "never");
|
9 | 9 | |
10 | -// privacy-browser#19: Enable Mullvad's DOH
|
|
10 | +// mullvad-browser#19: Enable Mullvad's DOH
|
|
11 | 11 | pref("network.trr.uri", "https://dns.mullvad.net/dns-query");
|
12 | 12 | pref("network.trr.default_provider_uri", "https://dns.mullvad.net/dns-query");
|
13 | 13 | pref("network.trr.mode", 3);
|
14 | 14 | pref("doh-rollout.provider-list", "[{\"UIName\":\"Mullvad\",\"autoDefault\":true,\"canonicalName\":\"\",\"id\":\"mullvad\",\"last_modified\":0,\"schema\":0,\"uri\":\"https://dns.mullvad.net/dns-query\"},{\"UIName\":\"Mullvad (Ad-blocking)\",\"autoDefault\":false,\"canonicalName\":\"\",\"id\":\"mullvad\",\"last_modified\":0,\"schema\":0,\"uri\":\"https://adblock.dns.mullvad.net/dns-query\"}]");
|
15 | -// privacy-browser#122: Audit DoH heuristics
|
|
15 | +// mullvad-browser#122: Audit DoH heuristics
|
|
16 | 16 | pref("doh-rollout.disable-heuristics", true);
|
17 | 17 | |
18 | -// privacy-browser#37: Customization for the about dialog
|
|
18 | +// mullvad-browser#37: Customization for the about dialog
|
|
19 | 19 | pref("app.releaseNotesURL.aboutDialog", "about:blank");
|
20 | 20 | |
21 | -// privacy-browser#94: Disable legacy global microphone/webcam indicator
|
|
21 | +// mullvad-browser#94: Disable legacy global microphone/webcam indicator
|
|
22 | 22 | // Disable the legacy Firefox Quantum-styled global webcam/microphone indicator in favor of each
|
23 | 23 | // platform's native indicator
|
24 | 24 | pref("privacy.webrtc.legacyGlobalIndicator", false);
|
25 | 25 | |
26 | -// privacy-browser#87: Windows and Linux need additional work to make the
|
|
26 | +// mullvad-browser#87: Windows and Linux need additional work to make the
|
|
27 | 27 | // default browser choice working.
|
28 | 28 | // We are shipping only the portable versions for the initial release anyway, so
|
29 | 29 | // we leave this popup enabled only on macOS.
|
... | ... | @@ -34,7 +34,7 @@ pref("browser.shell.checkDefaultBrowser", false); |
34 | 34 | // mullvad-browser#228: default to spoof en-US and skip showing the dialog
|
35 | 35 | pref("privacy.spoof_english", 2);
|
36 | 36 | |
37 | -// privacy-browser#131: Review a few updater preferences
|
|
37 | +// mullvad-browser#131: Review a few updater preferences
|
|
38 | 38 | pref("app.update.notifyDuringDownload", true);
|
39 | 39 | pref("app.update.url.manual", "https://mullvad.net/download/browser");
|
40 | 40 | pref("app.update.url.details", "https://mullvad.net/download/browser");
|
... | ... | @@ -45,3 +45,6 @@ pref("app.releaseNotesURL", "https://github.com/mullvad/mullvad-browser/releases |
45 | 45 | pref("app.releaseNotesURL.aboutDialog", "about:blank");
|
46 | 46 | // point to our feedback url rather than Mozilla's
|
47 | 47 | pref("app.feedback.baseURL", "https://mullvad.net/help/tag/browser/");
|
48 | + |
|
49 | +// mullvad-browser#234: Do not spoof the OS in the User-Agent header
|
|
50 | +pref("privacy.resistFingerprinting.spoofOsInUserAgentHeader", false); |
... | ... | @@ -497,6 +497,9 @@ nsresult nsHttpHandler::Init() { |
497 | 497 | // obsService->AddObserver(this, "net:failed-to-process-uri-content", true);
|
498 | 498 | }
|
499 | 499 | |
500 | + Preferences::AddWeakObserver(
|
|
501 | + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
|
|
502 | + |
|
500 | 503 | MakeNewRequestTokenBucket();
|
501 | 504 | mWifiTickler = new Tickler();
|
502 | 505 | if (NS_FAILED(mWifiTickler->Init())) mWifiTickler = nullptr;
|
... | ... | @@ -2071,6 +2074,9 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, |
2071 | 2074 | // Inform nsIOService that network is tearing down.
|
2072 | 2075 | gIOService->SetHttpHandlerAlreadyShutingDown();
|
2073 | 2076 | |
2077 | + Preferences::RemoveObserver(
|
|
2078 | + this, "privacy.resistFingerprinting.spoofOsInUserAgentHeader"_ns);
|
|
2079 | + |
|
2074 | 2080 | ShutdownConnectionManager();
|
2075 | 2081 | |
2076 | 2082 | // need to reset the session start time since cache validation may
|
... | ... | @@ -2196,6 +2202,11 @@ nsHttpHandler::Observe(nsISupports* subject, const char* topic, |
2196 | 2202 | ShutdownConnectionManager();
|
2197 | 2203 | mConnMgr = nullptr;
|
2198 | 2204 | Unused << InitConnectionMgr();
|
2205 | + } else if (!strcmp(topic, "nsPref:changed") &&
|
|
2206 | + !NS_strcmp(
|
|
2207 | + data,
|
|
2208 | + u"privacy.resistFingerprinting.spoofOsInUserAgentHeader")) {
|
|
2209 | + nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent, true);
|
|
2199 | 2210 | }
|
2200 | 2211 | |
2201 | 2212 | return NS_OK;
|
... | ... | @@ -939,12 +939,17 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, |
939 | 939 | // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
|
940 | 940 | // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
|
941 | 941 | |
942 | + const bool spoofOs =
|
|
943 | + isForHTTPHeader &&
|
|
944 | + Preferences::GetBool(
|
|
945 | + "privacy.resistFingerprinting.spoofOsInUserAgentHeader", true);
|
|
946 | + |
|
942 | 947 | // These magic numbers are the lengths of the UA string literals below.
|
943 | 948 | // Assume three-digit Firefox version numbers so we have room to grow.
|
944 | 949 | size_t preallocatedLength =
|
945 | 950 | 13 +
|
946 | - (isForHTTPHeader ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
|
|
947 | - : mozilla::ArrayLength(SPOOFED_UA_OS)) -
|
|
951 | + (spoofOs ? mozilla::ArrayLength(SPOOFED_HTTP_UA_OS)
|
|
952 | + : mozilla::ArrayLength(SPOOFED_UA_OS)) -
|
|
948 | 953 | 1 + 5 + 3 + 10 + mozilla::ArrayLength(LEGACY_UA_GECKO_TRAIL) - 1 + 9 + 3 +
|
949 | 954 | 2;
|
950 | 955 | userAgent.SetCapacity(preallocatedLength);
|
... | ... | @@ -954,7 +959,7 @@ void nsRFPService::GetSpoofedUserAgent(nsACString& userAgent, |
954 | 959 | // "Mozilla/5.0 (%s; rv:%d.0) Gecko/%d Firefox/%d.0"
|
955 | 960 | userAgent.AssignLiteral("Mozilla/5.0 (");
|
956 | 961 | |
957 | - if (isForHTTPHeader) {
|
|
962 | + if (spoofOs) {
|
|
958 | 963 | userAgent.AppendLiteral(SPOOFED_HTTP_UA_OS);
|
959 | 964 | } else {
|
960 | 965 | userAgent.AppendLiteral(SPOOFED_UA_OS);
|