Closed Bug 1873273 Opened 5 months ago Closed 2 months ago

Freeze UA string and navigator.platform on 32-bit x86 Linux to match Chrome's frozen navigator.platform ("Linux x86_64")

Categories

(Core :: Networking: HTTP, enhancement, P3)

Desktop
Linux
enhancement

Tracking

()

RESOLVED FIXED
127 Branch
Tracking Status
relnote-firefox --- 127+
firefox-esr115 --- wontfix
firefox121 --- wontfix
firefox122 --- wontfix
firefox123 --- wontfix
firefox124 --- wontfix
firefox125 --- wontfix
firefox126 --- wontfix
firefox127 --- fixed

People

(Reporter: cpeterson, Assigned: cpeterson)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

After the Firefox download page is updated to direct Linux users to .deb files instead of our installer binaries (bugs https://github.com/mozilla/bedrock/issues/12966 and https://github.com/mozilla/bedrock/issues/14012), we can make 32-bit x86 Linux report also its CPU architecture as "Linux x86_64". This will match the behavior of ARM64 Linux bug 1861847 and Chrome: https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-5

Goals:

  1. Reduce fingerprintable entropy exposed to web content.
  2. Reduce risk of webcompat problems from unexpected CPU architectures.
Status: NEW → ASSIGNED
Whiteboard: [necko-triaged]

The Firefox download page has been updated to ask the user if they would like to download an x86 or x86_64 build:

https://github.com/mozilla/bedrock/pull/14096

Thus, this bug can be fixed now that the download page will no longer automatically serve x86_64 builds to x86 visitors if their UA strings say "Linux x86_64".

Summary: Freeze UA string and navigator.platform on 32-bit x86 Linux to match Chrome's frozen navigator.platform ("Linuy x86_64") → Freeze UA string and navigator.platform on 32-bit x86 Linux to match Chrome's frozen navigator.platform ("Linux x86_64")

This will match the behavior of ARM64 Linux (bug 1861847) and Chrome reporting their CPU architecture as "Linux x86_64": https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-5

Goals:

  1. Reduce fingerprintable entropy exposed to web content. Few websites should need to distinguish 32-bit x86 Linux users from x86_64 Linux users. One of the few that did was Mozilla's own Firefox download page and it has now been updated to use distro packages instead of sniffing the UA string to offer Mozilla's architecture-specific installer binaries. (See bugs https://github.com/mozilla/bedrock/issues/12966 and https://github.com/mozilla/bedrock/issues/14012.)

  2. Reduce risk of webcompat problems from websites not recognizing unexpected CPU architectures. (Example: in bug 1861847, YouTube treated ARM64 Linux as a mobile device)

This "freezeCpu" pref controls this UA string code path:

https://searchfox.org/mozilla-central/rev/1f27a4022f9f1269d897526c1c892a57743e650c/netwerk/protocol/http/nsHttpHandler.cpp#931-937

The UA string tests already check the "freezeCpu" pref to test for either "Linux x86_64" or the actual CPU architecture:

https://searchfox.org/mozilla-central/rev/f602853ba8d55ba157e2a74d9b571615f6ed97b8/browser/components/resistfingerprinting/test/browser/browser_navigator.js#41-47,51

Too late for Fx 126. Targeting Fx 127.

Pushed by cpeterson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9bbef5e02e7a
Report non-x86_64 CPUs (including 32-bit x86) as "x86_64" in Linux User-Agent. r=necko-reviewers,kershaw
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 127 Branch

Release Note Request (optional, but appreciated)
[Why is this notable]: This change is a small improvement in desktop Linux user privacy and might fix some webcompat issues, but it also has a risk of introducing new webcompat issues.
[Affects Firefox for Android]: No. Only desktop Linux is affected.
[Suggested wording]: To reduce user fingerprinting information and the risk of some website compatibility issues, report 32-bit x86 Linux's CPU architecture as "x86_64" in Firefox's User-Agent string and navigator.platform and navigator.oscpu Web APIs.
[Links (documentation, blog post, etc)]:

relnote-firefox: --- → ?
OS: Android → Linux
Hardware: Unspecified → Desktop

Note added to our 127 nightly release notes:
https://www.mozilla.org/en-US/firefox/127.0a1/releasenotes/

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: