[tor-commits] [Git][tpo/applications/mullvad-browser][mullvad-browser-128.1.0esr-14.0-1] 2 commits: fixup! Bug 40309: Avoid using regional OS locales

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Mon Aug 12 09:55:17 UTC 2024 


Pier Angelo Vendrame pushed to branch mullvad-browser-128.1.0esr-14.0-1 at The Tor Project / Applications / Mullvad Browser


Commits:
94b53ebc by Pier Angelo Vendrame at 2024-08-12T11:51:21+02:00
fixup! Bug 40309: Avoid using regional OS locales

Bug 42349: Change the RFPTarget in the region spoofing.

One of our patches makes sure that when spoof English is not in use, we
report the same locale as the app language, instead of reporting the OS
locale (which is Firefox's default behavior when the app and OS
languages are the same).

When rebasing onto 128, we broke this patch because we had to specify
an RFPTarget, and I chose RFPTarget::JSLocale.
This is the only target that can be disabled even when running RFP
instead of FFP, because it is controlled by privacy.spoof_english.

- - - - -
8904c0be by Pier Angelo Vendrame at 2024-08-12T11:51:22+02:00
fixup! Firefox preference overrides.

Add some notes about live-reload, discovered while investigating some
localization issues.

- - - - -


2 changed files:

- browser/app/profile/001-base-profile.js
- intl/locale/LocaleService.cpp


Changes:

=====================================
browser/app/profile/001-base-profile.js
=====================================
@@ -622,6 +622,9 @@ pref("corroborator.enabled", false);
 
 // tor-browser#41417: do not allow live reload until we switch to Fluent and
 // stop using .textContent.
+// Even after that, it might be a good idea to keep it off, as it is not handled
+// very well, and it might give a window during which websites could fingerprint
+// the change (see tor-browser#42349 and tor-browser#42771).
 pref("intl.multilingual.liveReload", false);
 
 // Enable URL query stripping to protect against cross-site tracking (tor-browser#41092)


=====================================
intl/locale/LocaleService.cpp
=====================================
@@ -485,10 +485,12 @@ LocaleService::GetAppLocaleAsBCP47(nsACString& aRetVal) {
 
 NS_IMETHODIMP
 LocaleService::GetRegionalPrefsLocales(nsTArray<nsCString>& aRetVal) {
+  // tor-browser#42349, #42771: We cannot use JSLocale because it is spoof
+  // English. So, we use another target for now.
   if (nsContentUtils::ShouldResistFingerprinting(
           "This is probably a patch that should be refined. But to get the "
           "build going, we just keep applying this generic check.",
-          RFPTarget::JSLocale)) {
+          RFPTarget::JSDateTimeUTC)) {
     GetAppLocalesAsBCP47(aRetVal);
     return NS_OK;
   }



View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/cf53e4fd10d1167af5d046542c7ef48a6250985e...8904c0be4c41aa3e03bdf06a8290ff2bbb9713fe

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/compare/cf53e4fd10d1167af5d046542c7ef48a6250985e...8904c0be4c41aa3e03bdf06a8290ff2bbb9713fe
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20240812/c68b4465/attachment-0001.htm>

More information about the tor-commits mailing list