[tbb-bugs] #20025 [Applications/Tor Browser]: document.characterSet enables fingerprinting of localization (only with HSTS?)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 18 04:42:56 UTC 2018
#20025: document.characterSet enables fingerprinting of localization (only with
HSTS?)
--------------------------------------+--------------------------
Reporter: dcf | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by dcf):
Replying to [comment:3 cypherpunks]:
> Latest Tor Browser:
> https://www.bamsoftware.com/people.eecs.berkeley.edu/~fifield/tor20025
/check-charset.html
>
> Using ambiguous bytes (#10703) iso-8859-1
> document.characterSet (#20025) UTF-8
> document.charset UTF-8
> document.inputEncoding UTF-8
cypherpunks, please also try https://people.torproject.org/~dcf/tor20025
/check-charset.html.
For me, with Tor Browser 8.0a8 en-US, I get:
https://people.torproject.org/~dcf/tor20025/check-charset.html
||Using ambiguous bytes (#10703) ||iso-8859-1 ||
||document.characterSet (#20025) ||UTF-8 ||
||document.charset ||UTF-8 ||
||document.inputEncoding ||UTF-8 ||
https://people.torproject.org/~dcf/tor20025/check-charset.html
||Using ambiguous bytes (#10703) ||iso-8859-1 ||
||document.characterSet (#20025) ||windows-1252 ||
||document.charset ||windows-1252 ||
||document.inputEncoding ||windows-1252 ||
I conjectured that the difference may be because of HSTS, but that appears
not to be the case, because bamsoftware.com has HSTS.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20025#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list