[tbb-bugs] #30605 [Applications/Tor Browser]: accept-language header leaks browser localization

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 24 16:52:47 UTC 2019


#30605: accept-language header leaks browser localization
--------------------------------------+--------------------------
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by acat):

 I think what happens in desktop (with lang other than en-US) is that on
 first navigation there is the prompt asking whether to spoof to english,
 if the user accepts then it sets the `privacy.spoof_english =  2` pref.
 Then, the pref listener in
 `toolkit/components/resistfingerprinting/RFPHelper.jsm` sets the
 `intl.accept_languages = en-US,en`. In Android I don't see
 `privacy.spoof_english` is not set, and then even if set manually to 2,
 `intl.accept_languages` is not changed. I wonder what is failing here...
 Changing `intl.accept_languages = en-US,en` manually works, and then the
 `accept-language` header is spoofed correctly.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30605#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list