[tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 30 00:54:26 UTC 2014
#10703: Fallback charset enables fingerprinting of bundle localization
-------------------------+-------------------------------------------------
Reporter: dcf | Owner: mikeperry
Type: defect | Status: needs_review
Priority: normal | Milestone:
Component: | Version:
TorBrowserButton | Keywords: tbb-fingerprinting, tbb-pref,
Resolution: | MikePerry201401R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by dcf):
There is a question of whether we should set the default to
[https://en.wikipedia.org/wiki/Utf-8 UTF-8] or
[https://en.wikipedia.org/wiki/Windows-1252 Windows-1252]. I would
normally say, "just use UTF-8," but I read https://developer.mozilla.org
/en-
US/docs/Localizations_and_character_encodings#Specifying_the_fallback_encoding:
> In order to avoid the problem of Web authors creating new UTF-8 content
without declaring that the content uses UTF-8 and in order to maximize the
ability of users to read content cross-locale, ''do not'' set the fallback
encoding to UTF-8 for any newly-introduced localization.
and
> When in doubt, use windows-1252 as the fallback encoding.
Still, my recommendation is to use UTF-8. Mozilla wants to encourage
authors to declare their encodings, but that's not our goal. The effect of
choosing one over the other is probably small anyway. The choice only
affects web pages that do not declare their encoding, and UTF-8 and
Windows-1252 are the same in the first 128 code points, I think.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10703#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list