Closed Bug 1511434 Opened 6 years ago Closed 5 years ago

privacy.resistFingerprinting: Change spoofed OS version to Windows 10 and macOS 10.14

Categories

(Core :: DOM: Security, enhancement, P2)

Tracking

RESOLVED FIXED
mozilla68
Tracking Status
firefox-esr60 --- wontfix
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- fixed

People

(Reporter: cpeterson, Assigned: cpeterson)

References

(Blocks 1 open bug)

Details

(Whiteboard: [tor][fingerprinting][domsecurity-active][fp-triaged])

Attachments

(3 files)

Since the week of October 21-27, more Firefox users are now running Windows 10 (40.696%) than Windows 7 (40.401%). See the "Operating System" graph in the Firefox Hardware Report:

https://data.firefox.com/dashboard/hardware

If we want resistFingerprinting users to blend into the most common user cohort, we should change SPOOFED_UA_OS and SPOOFED_OSCPU from Windows 7 (NT 6.1) to Windows 10 (NT 10.0):

https://searchfox.org/mozilla-central/rev/8f0db72fb6e35414fb9a6fc88af19c69f332425f/toolkit/components/resistfingerprinting/nsRFPService.h#25,27

https://searchfox.org/mozilla-central/rev/8f0db72fb6e35414fb9a6fc88af19c69f332425f/browser/components/resistfingerprinting/test/browser/browser_navigator.js#34,41
Around the same time, Microsoft announced that "based on Microsoft's data, we can see that there are now more devices in the enterprise running Windows 10 than any other previous version of Windows."

https://arstechnica.com/gadgets/2018/10/half-of-enterprise-machines-run-windows-10-as-windows-7s-end-of-life-looms/
Also, should nsXPLookAndFeel's stand-in colors be updated from the Windows 7 Aero theme (and Mac OS X 10.7 Lion) colors to Windows 10 (and macOS 10.14 Mojave) colors? See bug 232227.

https://searchfox.org/mozilla-central/rev/8f0db72fb6e35414fb9a6fc88af19c69f332425f/widget/nsXPLookAndFeel.cpp#617-618
See Also: → 232227
We shouldn't change the spoofed macOS version from 10.13 High Sierra [1] to 10.14 Mojave yet, however, because 10.13 market share is still 45.44% and 10.14 is just 11.14% (according to [2] and [3]).

[1] https://searchfox.org/mozilla-central/rev/8f0db72fb6e35414fb9a6fc88af19c69f332425f/toolkit/components/resistfingerprinting/nsRFPService.h#30,32
[2] https://www.statista.com/statistics/944559/worldwide-macos-version-market-share/
[3] http://gs.statcounter.com/macos-version-market-share/desktop/worldwide
I wonder if we could get away with spoofing the OS version even when privacy.resistFingerprinting = false. Websites may need the OS name to show appropriate product downloads or keyboard shortcuts, but when is OS *version* useful? WebKit tried to freeze UA OS version [1] but backed it out two months later [2]. I'm curious what changed their mind. How often do websites need to work around an OS bug?

On macOS, Chrome's and WebKit's UAs include major/minor/patch numbers ("Mac OS X 10_14_1"), but Firefox has gotten by with just major/minor ("Mac OS X 10.14"). And now that Windows 10 is the "last" version of Windows, there is no easy way for a website to differentiate between the 7+ releases of Windows 10. Chrome, Edge, and Firefox all expose only "Windows NT 10.0".

[1] https://bugs.webkit.org/show_bug.cgi?id=180365
[2] https://bugs.webkit.org/show_bug.cgi?id=182629
Also fix comment spelling of operating system names "macOS" and "Windows" and make resistFingerprinting test "use strict" JavaScript.
Slightly OT: We can open a new ticket, just let me know, but we also need to look at the version number. Currently it is 60 + multiples of seven. But the next ESR seems to be 68 (and after that I have no idea), see https://wiki.mozilla.org/Release_Management/Calendar . We need to check what the next ESR is, and if required, change the algorithm. That should technically be done **before** 67 hits nightly (otherwise Nightly users will have three releases of being out of sync with stable UA spoofing). Hope that made sense.
See Also: → 1511763
(In reply to Simon Mainey from comment #7)
> Slightly OT: We can open a new ticket, just let me know, but we also need to
> look at the version number. Currently it is 60 + multiples of seven. But the
> next ESR seems to be 68 (and after that I have no idea), see
> https://wiki.mozilla.org/Release_Management/Calendar . We need to check what
> the next ESR is, and if required, change the algorithm. That should
> technically be done **before** 67 hits nightly (otherwise Nightly users will
> have three releases of being out of sync with stable UA spoofing). Hope that
> made sense.

I filed bug 1511763 to track that issue.

I'll confirm with the Firefox Release Management team that 68 is the next ESR version and whether subsequent ESR versions will still be every +7 Firefox releases.
Assignee: nobody → cpeterson
Priority: -- → P3
Hm. Landing this will diverge RFP users from TB users. This probably doesn't matter in the navigator object, where they will be apparently different via other JS fingerprinting techniques, but it would matter for HTTP Header logs.

Perhaps we should wait to land this until we begin the next ESR cycle? Arthur, what do you think?
Flags: needinfo?(arthuredelstein)
(In reply to Tom Ritter [:tjr] from comment #9)
> Perhaps we should wait to land this until we begin the next ESR cycle?

No problem. If you are OK with the code change itself, I can just set a calendar reminder to land the change when the next ESR Nightly cycle begins (currently documented as Firefox Nightly 68 starting on 2019-03-11).

https://wiki.mozilla.org/Release_Management/Calendar#Future_branch_dates

At that time, we can also change the spoofed macOS version from 10.13 High Sierra to 10.14 Mojave. Extrapolating from this Statcounter graph, Mojave should overtake High Sierra in ~January 2019:

http://gs.statcounter.com/macos-version-market-share/desktop/worldwide
> Firefox users are now running Windows 10 (40.696%) than Windows 7 (40.401%). See the "Operating System" graph in the Firefox Hardware Report

Can we trust these reports?

1. Users of 10 are less privacy-caring than users of 7. Though some 7 updates contain telemetry, one can choose not to install them to keep telemetry away from one's own PC. So what if there are more users of 7 than users of 10, but the users of 7 just have disabled FF telemetry? IMHO users OK with the approach used in 10 gonna like Chrome more :(

2. What if someone has written a bot feeding fake data to your telemetry system in order to trick you into switching it in order to make user tracking easier?
Status: NEW → ASSIGNED
Whiteboard: [tor][fingerprinting] → [tor][fingerprinting][domsecurity-active]
(In reply to Chris Peterson [:cpeterson] from comment #10)
> (In reply to Tom Ritter [:tjr] from comment #9)
> > Perhaps we should wait to land this until we begin the next ESR cycle?
> 
> No problem. If you are OK with the code change itself, I can just set a
> calendar reminder to land the change when the next ESR Nightly cycle begins
> (currently documented as Firefox Nightly 68 starting on 2019-03-11).

We talked about this today and would like to wait until the next ESR; yes.



(In reply to KOLANICH from comment #11)
> > Firefox users are now running Windows 10 (40.696%) than Windows 7 (40.401%). See the "Operating System" graph in the Firefox Hardware Report
> 
> > Can we trust these reports?

In general, the goal of Resist Fingerprinting is not to make users appear like anyone else in particular, but to make them all appear like each other.  It's possible that our percentages are off and there are in fact more users on Windows 7 than Windows 10. But the consequences of being wrong are not very large; so when the data indicates we can switch over, and someone does all the work to do so, I see little reason not to take advantage of it.
Flags: needinfo?(arthuredelstein)
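
Added example, not part of the bug thread or of Firefox's code: it measures the two points made above, that spoofing users should all look like each other and that a spoof value which diverges between builds shows up in HTTP header logs. The OS tokens `Windows NT 6.1` and `Windows NT 10.0` come from this bug; the rest of each User-Agent string, the log sizes and all function names are constructed assumptions.

```javascript
// Constructed User-Agent header values (not taken from the bug). Only the OS
// tokens "Windows NT 6.1" and "Windows NT 10.0" are the spoof values discussed
// here; the surrounding layout is an assumed, simplified Firefox-style string.
const OLD_SPOOF = "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0";
const NEW_SPOOF = "Mozilla/5.0 (Windows NT 10.0; rv:60.0) Gecko/20100101 Firefox/60.0";
const UNSPOOFED = "Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0";

// Group logged header values into anonymity sets: requests carrying the exact
// same User-Agent string are indistinguishable from each other on that header.
function anonymitySets(headers) {
  const sets = new Map();
  for (const ua of headers) sets.set(ua, (sets.get(ua) || 0) + 1);
  return sets;
}

// Surprisal, in bits, of observing one header value: -log2(share of the log).
function surprisalBits(count, total) {
  return -Math.log2(count / total);
}

// Summarise a log: one row per distinct header value, largest set first.
function summarise(headers) {
  const total = headers.length;
  return [...anonymitySets(headers)]
    .map(([ua, count]) => ({ ua, count, bits: surprisalBits(count, total) }))
    .sort((a, b) => b.count - a.count);
}

// Build a constructed log: `spoofers` requests from spoofing clients, of which
// `moved` already send the new OS token, plus `others` unspoofed requests.
function buildLog(spoofers, moved, others) {
  return [
    ...Array(spoofers - moved).fill(OLD_SPOOF),
    ...Array(moved).fill(NEW_SPOOF),
    ...Array(others).fill(UNSPOOFED),
  ];
}

const aligned = summarise(buildLog(8, 0, 8));  // every spoofer sends NT 6.1
const diverged = summarise(buildLog(8, 4, 8)); // half switched to NT 10.0 early

for (const [name, rows] of [["aligned", aligned], ["diverged", diverged]]) {
  console.log(name);
  for (const r of rows) console.log(`  ${r.count}  ${r.bits.toFixed(2)} bits  ${r.ua}`);
}
```

In the diverged log the spoofing clients fall into two sets of half the size, each costing one more bit than the single aligned set, which is the header-log effect that motivated landing the change at an ESR boundary.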
(In reply to Tom Ritter [:tjr] from comment #12)
> We talked about this today and would like to wait until the next ESR; yes.

SGTM

Mike Kaply confirmed that the next ESR will be version 68 (as currently documented on the Release Calendar wiki [1]), so I will submit this Windows 10 patch (plus a macOS 10.14 patch) for re-review when 68 Nightly starts on 2019-03-11.

[1] https://wiki.mozilla.org/Release_Management/Calendar#Future_branch_dates
This bug is important to Tor Browser. Let's set it as P2.
Priority: P3 → P2
Whiteboard: [tor][fingerprinting][domsecurity-active] → [tor][fingerprinting][domsecurity-active][fp-triaged]

(In reply to Chris Peterson [:cpeterson] from comment #13)
> ... for re-review when 68 Nightly starts...

bumping, in case you forgot this :)

(In reply to Simon Mainey from comment #15)
> (In reply to Chris Peterson [:cpeterson] from comment #13)
> > ... for re-review when 68 Nightly starts...
> 
> bumping, in case you forgot this :)

Thanks. I was rebasing my patches just today and will ask for re-review soon.

Attachment #9029168 - Attachment description: Bug 1511434 - resistFingerprinting: Spoof Windows OS version 10.0. r?tjr → Bug 1511434 - Part 1: resistFingerprinting: Spoof Windows OS version 10.0. r?arthuredelstein

Green Try run:

https://treeherder.mozilla.org/#/jobs?repo=try&revision=ef63a82e9cf085a2c84cddbd7aef322d6a09de28

We don't need to update Android's spoofed OS version because Android 6.0 Marshmallow (from 2015!) is still the most common Android version at 21.3%.

https://developer.android.com/about/dashboards/

OS: Windows → Unspecified
Summary: privacy.resistFingerprinting: Change spoofed Windows OS version to Windows 10 (NT 10.0) → privacy.resistFingerprinting: Change spoofed OS version to Windows 10 and macOS 10.14

bump ... "don't miss the boat"

Arthur, are you the right person to review these resistFingerprinting patches? tjr is on leave at the moment. I'd like to land these patches in Firefox 68 Nightly because 68 is the next ESR version.

Flags: needinfo?(arthur)

bump! I'm starting to get nervous...

Arthur says that tjr is back and can review these patches.

Flags: needinfo?(arthur)
Attachment #9029168 - Attachment description: Bug 1511434 - Part 1: resistFingerprinting: Spoof Windows OS version 10.0. r?arthuredelstein → Bug 1511434 - Part 1: resistFingerprinting: Spoof Windows OS version 10.0. r?tjr
Attachment #9052793 - Attachment description: Bug 1511434 - Part 2: resistFingerprinting: Spoof macOS version 10.14 Mojave. r?arthuredelstein → Bug 1511434 - Part 2: resistFingerprinting: Spoof macOS version 10.14 Mojave. r?tjr

??? TBD: Should we go ahead and spoof 9.0 now instead of 8.1? Tor and Fennec will use the ESR 68 branch until mid-2020.

Google hasn't released new Android OS market share data since 2018-10-26 [1], but StatCounter reports [2] that Android 8.1 (Oreo) is currently the most common OS version (at about 19%). However, Android 9.0 (Pie) is quickly rising (currently at 11%) and appears likely to overtake 8.1 by mid-2019.

[1] https://developer.android.com/about/dashboards/
[2] http://gs.statcounter.com/android-version-market-share/mobile/worldwide/#monthly-201803-201904

Depends on D24476

Pushed by cpeterson@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/bf91e3d1fcb5
Part 1: resistFingerprinting: Spoof Windows OS version 10.0. r=tjr
https://hg.mozilla.org/integration/mozilla-inbound/rev/fcf0867ec1cc
Part 2: resistFingerprinting: Spoof macOS version 10.14 Mojave. r=tjr
https://hg.mozilla.org/integration/mozilla-inbound/rev/f72b69b07dd6
Part 3: resistFingerprinting: Spoof Android OS version 8.1 (Oreo). r=tjr
Blocks: 1635011