[tbb-bugs] #30427 [Applications/Tor Browser]: Tor Bowser locale can be detected with FTP

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 7 11:54:05 UTC 2019

#30427: Tor Bowser locale can be detected with FTP
     Reporter:  gk                        |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  High                      |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-fingerprinting
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
 xiaoyinl reported on HackerOne that the Tor Browser locale can be detected
 with FTP:
 If a visitor navigates to a directory on a FTP server, Tor Browser shows a
 page displaying the directory tree. However, the source code of this page
 is generated by Tor Browser, rather than the server, because an FTP server
 only sends file info and the browser displays it in a nice format.
 Moreover, the FTP directory page is localized, even if the user has chosen
 not to reveal his/her UI language, i.e. privacy.spoof_english == 2.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30427>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list