Closed Bug 1459089 Opened 6 years ago Closed 6 years ago

Even when resistFingerprinting is enabled, FF leaks the OS locale in the accept headers

Categories

(Firefox for Android Graveyard :: General, defect)

Product:
Firefox for Android Graveyard
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox62 fixed)

Status:
RESOLVED FIXED
Milestone:
Firefox 62
Tracking Flags:
Tracking Status
firefox62 --- fixed

People

(Reporter: igt0, Assigned: igt0)

References

(Blocks 1 open bug)

Details

(Whiteboard: [fingerprinting])

Attachments

(1 file)

0001-Bug-1459089-Don-t-use-OS-Locale-when-resistFingerpri.patch
1.01 KB, patch
mcomella
: review+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180326160923

Steps to reproduce:

1. Go to about:config
2. Change the privacy.resistFingerprinting preference to true
3. Go to the android Input & Language settings
4. Change the language


Actual results:

The HTTP Accept-Language header adds the OS Language.


Expected results:

The HTTP Accept-Language header should not change based on OS values.

        Attachment #8973081 -
        Flags: review?(michael.l.comella)

    
  
Flags: needinfo?(michael.l.comella)

    
    

    
  
I'll get to this as soon as I can but I'll be at Google IO this week: only a r? is necessary.
Flags: needinfo?(michael.l.comella)

    
  
Flags: needinfo?(nchen)

    
    

    
  
Comment on attachment 8973081 [details] [diff] [review]
0001-Bug-1459089-Don-t-use-OS-Locale-when-resistFingerpri.patch

Review of attachment 8973081 [details] [diff] [review]:
-----------------------------------------------------------------

When resistFingerprinting is set, this change prevents `osLocale` from being appended to `chosen` via `unshift`, which prevents it from getting set into the `intl.accept_languages` preference: this seems reasonable to me.

I don't know that it guarantees that it's not sent with the Accept header but if it works for you, it works for me! :)

I apologize for taking so long to get back to you, Igor. If this happens again (which I will try my best to avoid), please feel free to ping me on IRC to remind me to review it!

        Attachment #8973081 -
        Flags: review?(michael.l.comella) → review+
Blocks: uplift_tor_fingerprinting
Whiteboard: [fingerprinting]

    
    

    
  
Pushed by rgurzau@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/a25b2c7238f4
Don't use OS Locale when resistFingerprinting is enabled. When the OS Locale is used, it leaks the OS language in the HTTP Accept-Language header. r=mcomella
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/a25b2c7238f4
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago

          status-firefox62:
          --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 62
Product: Firefox for Android → Firefox for Android Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: