[tbb-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Sep 8 20:32:45 UTC 2018 

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
---------------------------------------------+--------------------------
 Reporter:  gk                               |          Owner:  tbb-team
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+--------------------------

Comment (by temp123):

 Replying to [comment:23 gk]:
 > The slider is for adjusting the *security* against *browser
 exploitation*.

 https://tb-manual.torproject.org/en-US/security-slider.html

 > Tor Browser includes a “Security Slider” that lets you increase your
 security by disabling certain web features that can be used to attack your
 security **and anonymity**.

 It would make sense to leave general.useragent.override as is and set
 privacy.resistFingerprinting to false when the security slider is moved to
 "Safest".

 Reasoning:
 - A user-agent which differs from general.useragent.override is an
 anonymity issue
 - Javascript is disabled when security slider is moved to "Safest"
 - privacy.resistFingerprinting deals with privacy issues which are
 relevant only when javascript is enabled

 This would give those who want to trade a bit of anonymity and security
 for a better browsing experience the option while not affecting those who
 want the highest/safest level of anonymity security.

 Also, this would not silently change the user-agent on update of those who
 have already moved the slider to "Safest", which is what prompted my
 previous ticket. https://trac.torproject.org/projects/tor/ticket/27495

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26146#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list