DoH Privacy Enhancement: Do not set the User-Agent header for DoH requests
Categories
(Core :: Networking: DNS, enhancement, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox73 | --- | fixed |
People
(Reporter: n-mzbz, Assigned: valentin)
References
Details
(Whiteboard: [necko-triaged][trr])
Attachments
(1 file)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Steps to reproduce:
It is great to see that Mozilla embraced DNS privacy.
We did pretty well without sending something like
a user-agent to the DNS resolver during the last decades
of plain old DNS operations.
To avoid unnecessary disclosure of user-agent data to
the DoH server, Firefox should not set the user-agent header for DoH requests.
The user-agent header could be used to further fingerprint and track the client.
The user-agent is not required as per RFC8484 and DNS resolvers
did fine without it until now.
|
||
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
The DoH server already sees your DNS traffic and IP address, so I wouldn't be too worried about the UA string being a fingerprinting target :)
But in any case, we should probably not send it since it just adds extra useless bytes to every payload.
|
|
Assignee | |
Comment 2•5 years ago
|
||
(In reply to Valentin Gosu [:valentin] from comment #1)
But in any case, we should probably not send it since it just adds extra useless bytes to every payload.
Actually, because of HPACK that probably doesn't apply. But we should strip the UA anyway.
|
||
Comment 3•5 years ago
|
||
Can the DoH server response set cookies on the client?
|
|
Assignee | |
Comment 4•5 years ago
|
||
(In reply to Chris Peterson [:cpeterson] from comment #3)
Can the DoH server response set cookies on the client?
No. We explicitly check that we don't send any cookies for the DoH requests:
reference to similar enhancement requests (accept-language header): bug 1544724
I care about my privacy, and I would not like a DNS provider to know more about me than necessary. It is all the more fodder for tracking. So if you could find a way to disable this it would be nice. If some hints are provided I could give it a try to disable it myself. Please let me know!
I wrote a trivial patch that sets the User-Agent to 'DoH' for TRR requests. The reasoning behind setting it to DoH is that TRR is all about privacy. Previously, a DNS server had no idea what application its queries were coming from (let alone the exact version and operating system), it seems best to retain that privacy level. The patch is so trivial that I hope you can take it from here, as I am not familiar with the pull request/review/testing system of Mozilla:
--- a/netwerk/dns/TRR.cpp
+++ b/netwerk/dns/TRR.cpp
@@ -258,6 +258,10 @@ nsresult TRR::SendHTTPRequest() {
NS_LITERAL_CSTRING("application/dns-message"), false);
NS_ENSURE_SUCCESS(rv, rv);
+ rv = httpChannel->SetRequestHeader(NS_LITERAL_CSTRING("User-Agent"), NS_LITERAL_CSTRING("DoH"),
+ false);
+ NS_ENSURE_SUCCESS(rv, rv);
+
nsAutoCString cred;
gTRRService->GetCredentials(cred);
if (!cred.IsEmpty()) {
Please let me know if this works for you, or if I should familiarize myself with more of the merging ritual.
Thanks!
Instead of setting it to an arbitrary string it would be great if the UA header was not set at all.
Since agreeing on a string across DoH implementations might be harder than not setting it at all and it saves
the "extra useless bytes to every payload".
I ran for a bit without a user-agent header, but it appears to confuse some infrastructure. Some sites did not load. Not sure if it is a mandatory header.
|
Reporter | |
Comment 10•5 years ago
|
||
"Some sites did not load." suggests that you refer to non-DoH HTTP requests.
I agree that you will run into issues when browsing the web without setting a user-agent header but that should not be the case with DoH servers.
Should there be any DoH server not replying to DoH clients not setting the UA header we can tell them to fix their stuff - since it is still relatively new.
If you have specific examples of DoH servers failing without UA header, all the better.
|
||
Comment 11•5 years ago
|
||
To really remove the header would require the infrastructure that bug 1544724 also needs. I'm no HTTP-ologist, so just let me know. Once we get 1544724 done, we have options.
|
||
Updated•5 years ago
|
|
|
||
Comment 12•5 years ago
|
||
(In reply to ahu from comment #9)
I ran for a bit without a user-agent header, but it appears to confuse some infrastructure. Some sites did not load. Not sure if it is a mandatory header.
To clarify, DoH servers work fine without a User-Agent header. It is random webservers hosting websites that get confused.
|
||
Comment 13•5 years ago
|
||
Valentin, are you willing to guide comment 7 through to landing?
|
|
Assignee | |
Comment 14•5 years ago
|
||
(In reply to ahu from comment #7)
Please let me know if this works for you, or if I should familiarize myself with more of the merging ritual.
Thank you for the patch.
Normally we accept contributions in the form of phabricator review requests. Here's a short guide:
https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/How_to_Submit_a_Patch
Additionally I think a few changes are needed:
- We should clear the user agent header, not set it to
DoHwhich seems fairly arbitrary. - We should add a preference for this change. Some users might want this during testing, some DoH servers may (wrongly) fail without it.
- We should add a test for it (see test_trr.js )
Let me know if you need help with any of this.
|
|
Assignee | |
Comment 15•5 years ago
|
||
Hi, I just pushed bug 1544724. The patch here should be very similar.
Let me know if you're up for doing it. Cheers!
|
|
||
Comment 16•5 years ago
|
||
It would be an honour! Thanks for doing the hard work, I'll get on it tomorrow (Thursday).
|
|
Assignee | |
Comment 17•5 years ago
|
||
Great to have you on board :) I assigned the bug to you.
Let me know if I can help with anything.
|
|
Assignee | |
Comment 18•5 years ago
|
||
|
|
Assignee | |
Comment 19•5 years ago
|
||
Sorry for stealing the bug, but it would be nice to have it in this release.
|
||
Comment 20•5 years ago
|
||
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/77171b4cd969 DoH Privacy Enhancement: Do not set the User-Agent header for DoH requests r=dragana
|
||
Comment 21•5 years ago
|
||
| bugherder | ||
Description
•