Closed Bug 1509829 Opened 6 years ago Closed 6 years ago

privacy.resistFingerprinting: UA header, upstream Tor 26146

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Version:
65 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox-esr60 66+ fixed
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 --- fixed

People

(Reporter: thorin, Assigned: tjr)

References

(Blocks 1 open bug, Regressed 2 open bugs)

Details

(Whiteboard: [tor][fingerprinting][domsecurity-backlog1][fp-triaged])

Attachments

(3 files, 1 obsolete file)

UserAgent-comparison.png
38.30 KB, image/png
Details
Bug 1509829 - Spoof OS in HTTP User-Agent header for desktop platforms r?baku
13.87 KB, patch
baku
: review+
timhuang
: review+
Details | Diff | Splinter Review
Bug 1509829 - Spoof OS in HTTP User-Agent header for desktop platforms r=timhuang,baku (esr60)
13.77 KB, patch
RyanVM
: approval-mozilla-esr60+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 Steps to reproduce: Tor Browser patched the User Agent header from a hard coded limit of four OSes (Windows, Android, Mac, Linux) [see 1], to two (Windows & Android) [see 2] They did not change the JS navigator object. This was to reduce entropy for Linux and Mac users via HTTP headers, but not break JS functionality It was suggested/said to upstream this patch to Firefox before the next ESR [see 3] NOTE: For some reason ESR60 branch lost the `Win64; x64 ` string (I have not confirmed this, but it did happen to Tor Browser 8 based on this branch), so assuming that should be there, lets make sure it is (yes, it is in FF63+, tested myself). But [see 4] where Tim Huang (comment3) couldn't replicate in ESR60. Someone should check ESR and decide if it's worth back porting this patch to that. [1] https://dxr.mozilla.org/mozilla-central/source/browser/components/resistfingerprinting/test/browser/browser_navigator.js#39-44 [2] https://trac.torproject.org/projects/tor/ticket/26146 [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1499478#c6 [4] https://bugzilla.mozilla.org/show_bug.cgi?id=1499478 Actual results: See attachment: which shows TBB vs FF64 (note: we still have the `Win64; x64 ` string
^^ Sorry, I only have a Windows machine, so I can't demonstrate TBB's limit to two OSes. Attachment was to show the `Win64; x64` bit.
Blocks: uplift_tor_fingerprinting
Whiteboard: [tor][fingerprinting]
Component: Untriaged → DOM: Security
Product: Firefox → Core
Priority: -- → P3
Whiteboard: [tor][fingerprinting] → [tor][fingerprinting][domsecurity-backlog1]
Whiteboard: [tor][fingerprinting][domsecurity-backlog1] → [tor][fingerprinting][domsecurity-backlog1][fp-triaged]
Tim is on top of this.
Assignee: nobody → tihuang
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

IIUC, the whole point for Tor 26146 is for fixing the keyboard shortcuts if we spoof the OS. If that so, we have another option here, we can spoof the modifier state "Meta" in MAC into a "Ctrl" state in keyboard events. With this, we can spoof the OS for not only the HTTP header but also navigator.userAgent and the keyboard shortcuts can still work.

(In reply to Tim Huang[:timhuang] from comment #4)

IIUC, the whole point for Tor 26146 is for fixing the keyboard shortcuts if we spoof the OS. If that so, we have another option here, we can spoof the modifier state "Meta" in MAC into a "Ctrl" state in keyboard events. With this, we can spoof the OS for not only the HTTP header but also navigator.userAgent and the keyboard shortcuts can still work.

Chatted with Tim about this: I am in agreement (and he had a WIP for the keyboard spoofing). However, I'm still going to submit this code for review and hopefully esr60 uplift because:

  1. It would be good to stay in sync with Tor to the extent possible
  2. We're not sure when we will get to the keyboard spoofing work (it will be several months at least)
  3. I just finished the code and I think/hope it's going to work when I test it
  4. I got called out on it over here: https://trac.torproject.org/projects/tor/ticket/26146#comment:73

So assuming there are no hiccups with my patch I will submit it soon and file a followup for the spoofing.

Assignee: tihuang → tom
Attachment #9035394 - Flags: review?(amarchesini)
Attachment #9035394 - Attachment is obsolete: true
Attachment #9035394 - Flags: review?(amarchesini)
Attachment #9035408 - Flags: review?(amarchesini)
Attachment #9035394 - Attachment is obsolete: false
Attachment #9035408 - Flags: review?(amarchesini) → review+
Attachment #9035394 - Attachment is obsolete: true

Comment on attachment 9035408 [details] [diff] [review]
Bug 1509829 - Spoof OS in HTTP User-Agent header for desktop platforms r?baku

Tim if this looks good to you, I'll send it in!

Attachment #9035408 - Flags: review?(tihuang)
Comment on attachment 9035408 [details] [diff] [review] Bug 1509829 - Spoof OS in HTTP User-Agent header for desktop platforms r?baku Review of attachment 9035408 [details] [diff] [review]: ----------------------------------------------------------------- LGTM. Thanks, Tom.
Attachment #9035408 - Flags: review?(tihuang) → review+
Keywords: checkin-needed
See Also: → 1519122

Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/dcd5dfecc7b0
Spoof OS in HTTP User-Agent header for desktop platforms r=timhuang,baku

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/dcd5dfecc7b0

Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox66: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

[ESR Uplift Approval Request]

If this is not a sec:{high,crit} bug, please state case for ESR consideration: Tor patch backport

User impact if declined: Tor will need to carry an additional patch

Fix Landed on Version: 66.0a1 / 20190110214210

Risk to taking this patch: Low

Why is the change risky/not risky? (and alternatives if risky): The code only affects the Resist Fingerprinting mode; is small, and has a test.

String or UUID changes made by this patch:

Attachment #9036571 - Flags: approval-mozilla-esr60?

I'd rather punt on this for 60.5esr so we don't ship this on esr before release. Leaving the approval request in place for 60.6.

status-firefox64: --- → wontfix
status-firefox65: --- → wontfix
status-firefox-esr60: --- → affected
tracking-firefox-esr60: --- → 66+
Comment on attachment 9036571 [details] [diff] [review] Bug 1509829 - Spoof OS in HTTP User-Agent header for desktop platforms r=timhuang,baku (esr60) Fix with a test for a feature that lives behind a pref. Reduces Tor's downstream maintenance burden. Approved for 60.6esr to ship alongside Fx66.
Attachment #9036571 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Regressions: 1610762
Regressions: 1826098
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: