[tbb-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 10 06:40:50 UTC 2018 

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
---------------------------------------------+--------------------------
 Reporter:  gk                               |          Owner:  tbb-team
     Type:  defect                           |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Applications/Tor Browser         |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os  |  Actual Points:
Parent ID:                                   |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+--------------------------

Comment (by gk):

 Replying to [comment:25 temp123]:
 > Replying to [comment:23 gk]:
 > > The slider is for adjusting the *security* against *browser
 exploitation*.
 >
 > https://tb-manual.torproject.org/en-US/security-slider.html
 >
 > > Tor Browser includes a “Security Slider” that lets you increase your
 security by disabling certain web features that can be used to attack your
 security **and anonymity**.

 Yes, security breaches may easily affect your anonymity (Tor's protections
 can bypassed that way) which is why both concepts are used in the same
 sentence. It has nothing to do with fingerprinting resistance here. If you
 feel that's not clear enough please file a ticket at this bug tracker so
 we can clarify our manual.

 > It would make sense to leave general.useragent.override as is and set
 privacy.resistFingerprinting to false when the security slider is moved to
 "Safest".
 >
 > Reasoning:
 > - A user-agent which differs from general.useragent.override is an
 anonymity issue
 > - Javascript is disabled when security slider is moved to "Safest"
 > - privacy.resistFingerprinting deals with privacy issues which are
 relevant only when javascript is enabled

 `privacy.resistFingerprinting` deals with way more than the user agent but
 more importantly even if you have JavaScript disabled then you are *not*
 safe against fingerprinting risks. That ship has sailed long ago as the
 web has gotten more powerful over the years.

 > This would give those who want to trade a bit of anonymity and security
 for a better browsing experience the option while not affecting those who
 want the highest/safest level of anonymity and security.

 I think you are misunderstanding something here: Tor Browser's privacy
 guarantees hold for everyone. It's the security side that some of our
 users need/want to adjust to their specific needs.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26146#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list