[tbb-bugs] #26146 [Applications/Tor Browser]: Setting `general.useragent.override` does not spoof the platform part anymore in ESR 60 which is confusing

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 12 19:53:51 UTC 2018 

#26146: Setting `general.useragent.override` does not spoof the platform part
anymore in ESR 60 which is confusing
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_information
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff60-esr, tbb-fingerprinting-os,     |  Actual Points:
  tbb-8.0-issues                                 |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by fufufu):

 Replying to [comment:40 tom]:

 > Anything that triggers a conditional load based on the size of other
 objects could be used to communicate it back. But it's more work and not
 as fun to program so I'm not surprised it's not common in POCs.
 >
 > A CSS trick to do this would be something like
 https://arthuredelstein.github.io/tordemos/media-query-fingerprint.html
 but I bet you can d the same in canvas and in SVG.
 >
 > Besides Fonts, another JS-free ways to detect platform could be media
 support/streaming. But yea, without using JS it definetly gets tougher.
 (There are a lot more network-level tricks that Tor is immune to but
 affects Firefox.)

 Well this is probably another dumb question, but is there any reason that
 all platforms can't ship the same fonts? Or would the differences in
 rendering them between the various platforms make this pointless anyway?

 Also I'm curious about how you use media streaming to detect the OS. Is
 the way the video is rendered, detection of the audio/video interface
 names, or what?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26146#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list