[tor-bugs] #20025 [Applications/Tor Browser]: document.characterSet enables fingerprinting of localization (only with HSTS?)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 2 07:11:01 UTC 2019
#20025: document.characterSet enables fingerprinting of localization (only with
HSTS?)
---------------------------------------+--------------------------
Reporter: dcf | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-fingerprinting-locale | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------------------+--------------------------
Comment (by Thorin):
There's an error in my spreadsheet... `hu` and `pl` are the same, but I
said they were different.. so that's one less bucket. But, I tested all
the legacy fallback options available in Firefox, and `ko` returns `EUC-
KR`, so I would expect that to be the same in TB.
There are 14 values in the UI legacy fallback coimbox, they are
- https://dxr.mozilla.org/mozilla-
central/source/browser/components/preferences/fonts.xul#256
{{{
arabic - windows-1256
baltic - windows-1257
central european, ISO - ISO-8859-2
central european, Microsoft - windows-1250
chinese, simpliflied - GBK
chinese, traditional - Big5
cyrillic - windows-1251
greek - ISO-8859-7
hebrew - windows-1255
japanese - Shift_JIS
korean - EUC-KR
thai - windows-874
turkish - windows-1254
vietnamese - windows-1258
}}}
as well as "default for current locale", which would cover any others, I
guess (IANA expert) - e.g I am not sure what happens with Lithuanian,
Malay: but Thai would leak as `windows-874`
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20025#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list