[tor-bugs] #13398 [Applications/Tor Browser]: at startup, browser gleans user FULL NAME (real name, given name) from O/S
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jul 11 14:35:57 UTC 2017
#13398: at startup, browser gleans user FULL NAME (real name, given name) from O/S
--------------------------------------+--------------------------
Reporter: zinc | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by mcs):
* severity: => Normal
Old description:
> (Reporting against Tor Browser 3.6.6, but this is a longstanding issue
> which affects all versions of the browser.)
>
> At each startup, code within nsUserInfoWin.cpp
> (see also: nsUserInfoUnix.cpp, nsUserInfoOS2.cpp, nsUserInfoMac.mm)
> scrapes user's FULL NAME (real name, given name) from the operating
> system
> and retains this in memory, stored to a constant, throughout the browser
> session.
>
> Additionally, the browser scrapes user's windows login username (and
> windows domain) along with his/her email address (if present, filled in
> within user's windows user account details). These personal details are
> similarly stored by the browser throughout the life of each browsing
> session.
>
> This privacy-infringing behavior is unconditional ~~ no user_pref is
> available to prevent it.
>
> In researching "How dare they?!?" I gathered that this behavior exists
> because Firefox shares a codebase with Thunderbird, and back in the day
> someone thought it would be "kewl" for a Thunderbird user to find that
> the system magically knows his/her details when setting up a new TB
> account...
>
> If challenged to prove/demonstrate where these details are ever "leaked"
> by the browser, I cannot. However, these personal details are accessible
> to any extension (or out-of-band Mozilla update) and therefore are
> subject to exfiltration.
New description:
(Reporting against Tor Browser 3.6.6, but this is a longstanding issue
which affects all versions of the browser.)
At each startup, code within nsUserInfoWin.cpp
(see also: nsUserInfoUnix.cpp, nsUserInfoOS2.cpp, nsUserInfoMac.mm)
scrapes user's FULL NAME (real name, given name) from the operating system
and retains this in memory, stored to a constant, throughout the browser
session.
Additionally, the browser scrapes user's windows login username (and
windows domain) along with his/her email address (if present, filled in
within user's windows user account details). These personal details are
similarly stored by the browser throughout the life of each browsing
session.
This privacy-infringing behavior is unconditional — no user_pref is
available to prevent it.
In researching "How dare they?!?" I gathered that this behavior exists
because Firefox shares a codebase with Thunderbird, and back in the day
someone thought it would be "kewl" for a Thunderbird user to find that the
system magically knows his/her details when setting up a new TB account...
If challenged to prove/demonstrate where these details are ever "leaked"
by the browser, I cannot. However, these personal details are accessible
to any extension (or out-of-band Mozilla update) and therefore are subject
to exfiltration.
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13398#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list