[tbb-bugs] #20025 [Applications/Tor Browser]: document.characterSet enables fingerprinting of localization (only with HSTS?)

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 18 04:42:56 UTC 2018

#20025: document.characterSet enables fingerprinting of localization (only with
 Reporter:  dcf                       |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-fingerprinting        |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by dcf):

 Replying to [comment:3 cypherpunks]:
 > Latest Tor Browser:
 > https://www.bamsoftware.com/people.eecs.berkeley.edu/~fifield/tor20025
 > Using ambiguous bytes (#10703)        iso-8859-1
 > document.characterSet (#20025)        UTF-8
 > document.charset      UTF-8
 > document.inputEncoding        UTF-8

 cypherpunks, please also try https://people.torproject.org/~dcf/tor20025

 For me, with Tor Browser 8.0a8 en-US, I get:

 ||Using ambiguous bytes (#10703) ||iso-8859-1 ||
 ||document.characterSet (#20025) ||UTF-8 ||
 ||document.charset ||UTF-8 ||
 ||document.inputEncoding ||UTF-8 ||

 ||Using ambiguous bytes (#10703) ||iso-8859-1 ||
 ||document.characterSet (#20025) ||windows-1252 ||
 ||document.charset ||windows-1252 ||
 ||document.inputEncoding ||windows-1252 ||

 I conjectured that the difference may be because of HSTS, but that appears
 not to be the case, because bamsoftware.com has HSTS.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20025#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list