Closed
Bug 1409269
Opened 7 years ago
Closed 6 years ago
spoofed useragent from privacy.resistfingerprinting conflicts with OS revealed by TCP/IP fingerprinting
Categories
(Core :: DOM: Security, defect, P5)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
People
(Reporter: leogecko, Unassigned)
References
Details
(Whiteboard: [fingerprinting][domsecurity-backlog])
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20100101
Steps to reproduce:
Set "privacy.resistFingerprinting" to true. Run the IP address leak test at Browserleaks.com (https://browserleaks.com/ip). Create the hidden preference "general.useragentoverride" by setting it to any useragent other than for a Windows OS version.
Actual results:
The browserleaks test shows that the useragent is "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0", and it shows that the operating system being used is "Linux 3.11 and newer." The former is spoofed (from privacy.resistfingerprinting), and the OS is what my computer actually is. The two conflict.
Expected results:
There should be an override that allows the spoofed useragent to be changed to a useragent that is based on Linux 3.11 and newer. By restricting the default useragent to Windows, TCP/IP fingerprinting easily reveals the spoofed useragent. The hidden preference "general.useragentoverride" cannot override it. Scrubbing TCP/IP fingerprinting isn't a viable option for recent Linux versions, so a plausible useragent spoof is needed.
Updated•7 years ago
|
Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Updated•7 years ago
|
Updated•7 years ago
|
Whiteboard: [fingerprinting]
Updated•7 years ago
|
Priority: -- → P5
Whiteboard: [fingerprinting] → [fingerprinting][domsecurity-backlog]
Comment 1•6 years ago
|
||
Is this no longer an issue since Bug 1404608 landed? Or did we want to keep it open for consideration for non-Windows/OSX/Android/Linux platforms (we only allow four platform variables)?
Flags: needinfo?(tom)
Updated•6 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(tom)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•