Closed Bug 1418672 Opened 7 years ago Closed 6 years ago

privacy.resistFingerprinting no longer spoofs browser version in FF59

Categories

(Core :: DOM: Security, defect, P1)

Tracking

RESOLVED FIXED
Tracking Status
firefox57 --- unaffected
firefox58 --- unaffected
firefox59 - fixed

People

(Reporter: pjohns33, Assigned: tjr)

Details

(Whiteboard: [fingerprinting] [fp-triaged][domsecurity-backlog1])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20100101

Steps to reproduce:

* Create a new profile (FF Nightly)

* Set privacy.resistFingerprinting to true via about:config

* Visit any site that tells you your UA (for example, https://www.whoishostingthis.com/tools/user-agent/)


* Bug 1415488 reported this setting leaks your UA when using http protocol; it appears to leak part of your UA via http and https in Nightly.

* NOT reproducible in Firefox 57


Actual results:

UA appears as Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0

Platform has been spoofed, but the browser is being reported as Firefox/59.0


Expected results:

UA should appear as Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Status: UNCONFIRMED → NEW
Has Regression Range: --- → no
Has STR: --- → yes
Component: Untriaged → DOM: Security
Ever confirmed: true
Product: Firefox → Core
First of all, thanks for testing this for us. 

See [1], the user-agent is going to be spoofed as the latest ESR version and Firefox 59 would be the next ESR version. Given that your real version is 59, so I think the behavior here is correct.


[1] https://searchfox.org/mozilla-central/rev/c633ffa4c4611f202ca11270dcddb7b29edddff8/toolkit/components/resistfingerprinting/nsRFPService.cpp#188
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
(In reply to Tim Huang[:timhuang] from comment #1)
> First of all, thanks for testing this for us. 
> 
> See [1], the user-agent is going to be spoofed as the latest ESR version and
> Firefox 59 would be the next ESR version. Given that your real version is
> 59, so I think the behavior here is correct.
> 
> 
> [1] https://searchfox.org/mozilla-central/rev/c633ffa4c4611f202ca11270dcddb7b29edddff8/toolkit/components/resistfingerprinting/nsRFPService.cpp#188

Hi Tim,

Thanks for reply, and I apologize for the report if this is expected behavior.

It seems like the setting should spoof it as the current latest ESR version, however, doesn't it? Looking at the release calendar [1], 59 hits stable at the same time it hits ESR.  As such, come March, it makes sense for 59 to report as 59.

But for the next 4 months in Nightly, and for about 2 months in Beta, an unexpected UA will be reported.  In other words, right now a Nightly user is clearly identified as a Nightly user instead of blending in with all current Beta, Stable, and ESR users.  


[1] https://wiki.mozilla.org/RapidRelease/Calendar
Has Regression Range: no → ---
(In reply to HSSKprViXd from comment #2)
> Hi Tim,
> 
> Thanks for reply, and I apologize for the report if this is expected
> behavior.
> 
> It seems like the setting should spoof it as the current latest ESR version,
> however, doesn't it? Looking at the release calendar [1], 59 hits stable at
> the same time it hits ESR.  As such, come March, it makes sense for 59 to
> report as 59.
> 
> But for the next 4 months in Nightly, and for about 2 months in Beta, an
> unexpected UA will be reported.  In other words, right now a Nightly user is
> clearly identified as a Nightly user instead of blending in with all current
> Beta, Stable, and ESR users.  
> 
> 
> [1] https://wiki.mozilla.org/RapidRelease/Calendar

I think you made an excellent point here. Yes, we should take this into account for fingerprinting resistance. So, I would suggest that the spoofed User-Agent should fallback to the previous ESR version even if it is the latest ESR version, i.e. 59 or further, for nightly and beta channel.

What do you think, Tom and Arthur.
Status: RESOLVED → REOPENED
Flags: needinfo?(tom)
Flags: needinfo?(arthuredelstein)
Priority: -- → P2
Resolution: INVALID → ---
Whiteboard: [fingerprinting] [fp-triaged]
(In reply to Tim Huang[:timhuang] from comment #3)
> (In reply to HSSKprViXd from comment #2)
> > Hi Tim,
> > 
> > Thanks for reply, and I apologize for the report if this is expected
> > behavior.
> > 
> > It seems like the setting should spoof it as the current latest ESR version,
> > however, doesn't it? Looking at the release calendar [1], 59 hits stable at
> > the same time it hits ESR.  As such, come March, it makes sense for 59 to
> > report as 59.
> > 
> > But for the next 4 months in Nightly, and for about 2 months in Beta, an
> > unexpected UA will be reported.  In other words, right now a Nightly user is
> > clearly identified as a Nightly user instead of blending in with all current
> > Beta, Stable, and ESR users.  
> > 
> > 
> > [1] https://wiki.mozilla.org/RapidRelease/Calendar
> 
> I think you made an excellent point here. Yes, we should take this into
> account for fingerprinting resistance. So, I would suggest that the spoofed
> User-Agent should fallback to the previous ESR version even if it is the
> latest ESR version, i.e. 59 or further, for nightly and beta channel.
> 
> What do you think, Tom and Arthur.

Ideally, yes, I think that would be a nice thing to do. But can it be done without hardcoding dates? I know there's a NIGHTLY_BUILD macro that could be used here, but I'm not sure if there's a corresponding BETA macro...
Flags: needinfo?(tom)
(In reply to Tom Ritter [:tjr] from comment #4)
> Ideally, yes, I think that would be a nice thing to do. But can it be done
> without hardcoding dates? I know there's a NIGHTLY_BUILD macro that could be
> used here, but I'm not sure if there's a corresponding BETA macro...

AFAIK, we can know what the current update channel is by using UpdateUtils.getUpdateChannel(). So, we don't need to hardcode dates here, but using this function to check whether it is a nightly or beta channel and fallback accordingly.
Please also note that trying to override the user agent with general.useragent.override does not work when privacy.resistFingerprinting is true.
Assignee: nobody → ettseng
Whiteboard: [fingerprinting] [fp-triaged] → [fingerprinting] [fp-triaged][domsecurity-backlog1]
(In reply to Tim Huang[:timhuang] from comment #3)
 
> I think you made an excellent point here. Yes, we should take this into
> account for fingerprinting resistance. So, I would suggest that the spoofed
> User-Agent should fallback to the previous ESR version even if it is the
> latest ESR version, i.e. 59 or further, for nightly and beta channel.
> 
> What do you think, Tom and Arthur.

Yes, I like this idea as well if it's possible.
Flags: needinfo?(arthuredelstein)
Just wanted to add that I tried to install an addon (addons.mozilla.org) and couldn't, since the privacy.resistfingerprinting setting had spoofed my version (57) to 52, and this particular addon was incompatible with version 52.
Not sure if that's something that should be considered, but figured I should post it here.
(In reply to knnf from comment #8)
> I tried to install an addon (addons.mozilla.org) and couldn't
You can still install (it's just a visual website thing, not a Firefox internal thing)
- scroll down on the left and click on "see all versions"
- right click on the greyed-out [+Add to Firefox] button and open link in a new tab

> Not sure if that's something that should be considered
See Bug 1394448
According to [1], the next ESR will be 60, not 59.

[1] https://groups.google.com/forum/#!topic/mozilla.dev.platform/VF7cEdlzRg0
^^ see Bug 1428111
Assignee: ethantseng → tom
Priority: P2 → P1
To add to this, my platform isn't spoofed on FF 59 either. I've got `privacy.resistFingerprinting` enabled, but each site correctly identifies me as being on MacOS High Sierra. In particular, my UA is shown to be: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101 Firefox/59.0". While I understand the confusion about which version is to be the next ESR, I feel this particular quirk is a serious regression: I haven't observed this behaviour on FF 57 or 58. If it were merely a version confusion, my platform would be hidden, right?
(In reply to genghizkhan91 from comment #12)
> To add to this, my platform isn't spoofed on FF 59 either. I've got
> `privacy.resistFingerprinting` enabled, but each site correctly identifies
> me as being on MacOS High Sierra. In particular, my UA is shown to be:
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:59.0) Gecko/20100101
> Firefox/59.0". While I understand the confusion about which version is to be
> the next ESR, I feel this particular quirk is a serious regression: I
> haven't observed this behaviour on FF 57 or 58. If it were merely a version
> confusion, my platform would be hidden, right?

We don't hide your operating system (anymore) because it was both ineffective (you could learn the OS through other means) and it broke things. The platform is hardcoded to a string that happens to match (or be very close) to your real system: https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/nsRFPService.h#29



I hope to uplift a fix to 59 for the ESR confusion.
(In reply to Tom Ritter [:tjr] from comment #13)
> We don't hide your operating system (anymore) because it was both
> ineffective (you could learn the OS through other means) and it broke
> things.  The platform is hardcoded to a string that happens to match (or be
> very close) to your real system:
> https://searchfox.org/mozilla-central/source/toolkit/components/resistfingerprinting/nsRFPService.h#29
> 
> 
> 
> I hope to uplift a fix to 59 for the ESR confusion.

Ah, so this is expected behaviour, got it. As long as it's not a bug it's fine. Thanks for clearing it up.
Comment on attachment 8952624 [details]
Bug 1418672 In Resist Fingerprinting mode, correct the version of Firefox to spoof in 59

https://reviewboard.mozilla.org/r/221864/#review229230
Attachment #8952624 - Flags: review?(amarchesini) → review+
Comment on attachment 8952624 [details]
Bug 1418672 In Resist Fingerprinting mode, correct the version of Firefox to spoof in 59

Approval Request Comment
[Feature/Bug causing the regression]: We switched ESR from 59 to 60. We had an equation in Resist Fingerprinting to calculate the ESR version based on the previous cycle.

[User impact if declined]: Users using Resist Fingerprinting in 59 will stand out. Users using Resist Fingerprinting in any other version (58, 57) will REALLY stand out.

[Is this code covered by automated tests?]: No

[Has the fix been verified in Nightly?]: Does not apply to nightly.

[Needs manual test from QE? If yes, steps to reproduce]: That would be great.

Open the web console, type navigator.userAgent and view the result, it should be 59.

Go to about:config, turn on privacy.resistFingerprinting, then get the user agent from the web console again. It should be 52.

[List of other uplifts needed for the feature/fix]: None

[Is the change risky?]: No

[Why is the change risky/not risky?]: We replace a whole bunch of code with a single constant

[String changes made/needed]: None
Attachment #8952624 - Flags: approval-mozilla-beta?
Comment on attachment 8952624 [details]
Bug 1418672 In Resist Fingerprinting mode, correct the version of Firefox to spoof in 59

Fix for fingerprinting issue, makes sense to hardcode this for one cycle since we changed the version for the next major ESR to 60. This change should make it into beta 14.
Attachment #8952624 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Status: REOPENED → RESOLVED
Closed: 7 years ago → 6 years ago
Resolution: --- → FIXED
Okay, fixed the test.
Flags: needinfo?(tom)
Comment on attachment 8952624 [details]
Bug 1418672 In Resist Fingerprinting mode, correct the version of Firefox to spoof in 59

https://reviewboard.mozilla.org/r/221864/#review229902


Code analysis found 1 defect in this patch:
 - 1 defect found by mozlint

You can run this analysis locally with:
 - `./mach lint path/to/file` (JS/Python)


If you see a problem in this automated review, please report it here: http://bit.ly/2y9N9Vx


::: browser/components/resistfingerprinting/test/browser/browser_navigator.js:121
(Diff revision 2)
>  add_task(async function setup() {
>    await SpecialPowers.pushPrefEnv({"set":
>      [["privacy.resistFingerprinting", true]]
>    });
>  
>    let appVersion = parseInt(Services.appinfo.version);

Error: 'appversion' is assigned a value but never used. allowed unused vars must match /^cc|ci|cu|cr|exported_symbols/. [eslint: no-unused-vars]
Status: REOPENED → RESOLVED
Closed: 6 years ago → 6 years ago
Resolution: --- → FIXED
I'm not sure this bug should be set as resolved yet, should it?

Based on early comments here, it seemed like there was agreement that the UA should be spoofed based on the ESR that is currently in use, not the next ESR (see comment #3).  

Unless I am misunderstanding, the fix applied here does not address that issue.  59 is now spoofed as 52, but 60 is still spoofed as 59, making Nightly users more unique.
^^ https://bugzilla.mozilla.org/show_bug.cgi?id=1428111#c3

> For those following along at home...  Bug 1418672 about Aurora/Nightly being able to spoof ESR ahead of time, was temporarily resolved with a hard code of v52 in FF59. Bug 1418162, I believe, is the ticket that will fix the Aurora/Nightly code **and** the ESR numbering

So Bug 1428111 is still open, and Bug 1418162 will allow the release channel update info to be used for Aurora/Nightly (eg subtract 1 or 2 from the real version number before using the algorithm)
(In reply to overdodactyl from comment #26)
> 59 is now spoofed as 52, but 60 is still spoofed as 59, making Nightly users more unique.

If 52 is hard coded, then 60 (and 61 in a week's time) should spoof as 52, which is desired behavior for now. Until ESR60 lands, there is time to close the other two tickets. I have not tested the latest Nightly, I just assumed.
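
The version behaviour discussed in this bug, as an added example that is not Mozilla's code and not part of any comment above: it models a seven-release ESR cadence that reproduces the reported values (57 and 58 spoof as 52, 59 and 60 as 59), applies the "subtract 1 or 2" channel idea from the thread, and checks the two UA strings from the report. The cadence formula, the channel offsets and the names `cadenceEsr`, `channelAwareEsr`, `CHANNEL_OFFSET` and `checkUserAgent` are assumptions made for illustration.

```javascript
// Added illustration, not Mozilla's nsRFPService code.
// Assumption: ESR lands every 7 releases counted from Firefox 10
// (10, 17, ..., 52, 59), which reproduces the versions reported in this bug.
function cadenceEsr(version) {
  return version - ((version - 3) % 7);
}

// Hypothetical channel offsets, following the "subtract 1 or 2 from the
// real version" idea in the thread: pre-release builds run ahead of release.
const CHANNEL_OFFSET = { nightly: 2, beta: 1, release: 0 };

// Version a build would advertise if the spoof tracked the ESR that
// release users can actually be running today.
function channelAwareEsr(version, channel) {
  const offset = CHANNEL_OFFSET[channel];
  if (offset === undefined) throw new Error(`unknown channel: ${channel}`);
  return cadenceEsr(version - offset);
}

// Parse the two version tokens of a Firefox UA string and compare them
// with the version the spoof is expected to report.
function checkUserAgent(ua, expected) {
  const rv = /\brv:(\d+)\.\d+/.exec(ua);
  const fx = /\bFirefox\/(\d+)\.\d+/.exec(ua);
  if (!rv || !fx) return { ok: false, reason: "not a Firefox UA" };
  const seen = { rv: Number(rv[1]), firefox: Number(fx[1]) };
  if (seen.rv !== seen.firefox) return { ok: false, reason: "rv/Firefox mismatch", ...seen };
  if (seen.rv !== expected) return { ok: false, reason: `expected ${expected}`, ...seen };
  return { ok: true, ...seen };
}

// UA strings quoted in the report (actual vs. expected results).
const REPORTED = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0";
const EXPECTED = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0";

function demo() {
  const want = channelAwareEsr(59, "nightly");
  return {
    cadence: [57, 58, 59, 60].map(cadenceEsr),
    nightly59: want,
    reported: checkUserAgent(REPORTED, want),
    expected: checkUserAgent(EXPECTED, want),
  };
}
console.log(demo());
```

With plain `cadenceEsr`, a 59 Nightly advertises 59 while release users still advertise 52, which is the distinguishing signal the reporter describes; with the channel offset it advertises 52 like everyone else.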