1873273 - Freeze UA string and navigator.platform on 32-bit x86 Linux to match Chrome's frozen navigator.platform ("Linux x86_64")

Status: RESOLVED FIXED

(Core :: Networking: HTTP, enhancement, P3)

Description

[Chris Peterson [:cpeterson]]

After the Firefox download page is updated to direct Linux users to .deb files instead of our installer binaries (bugs https://github.com/mozilla/bedrock/issues/12966 and https://github.com/mozilla/bedrock/issues/14012), we can make 32-bit x86 Linux report also its CPU architecture as "Linux x86_64". This will match the behavior of ARM64 Linux bug 1861847 and Chrome: https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-5

Goals:

1. Reduce fingerprintable entropy exposed to web content.
2. Reduce risk of webcompat problems from unexpected CPU architectures.

Comment 1

[Chris Peterson [:cpeterson]]

The Firefox download page has been updated to ask the user if they would like to download an x86 or x86_64 build:

https://github.com/mozilla/bedrock/pull/14096

Thus, this bug can be fixed now that the download page will no longer automatically serve x86_64 builds to x86 visitors if their UA strings say "Linux x86_64".

Comment 2

[Chris Peterson [:cpeterson]]

Attachment: Bug 1873273 - Report non-x86_64 CPUs (including 32-bit x86) as "x86_64" in Linux User-Agent. r?#necko-reviewers

This will match the behavior of ARM64 Linux (bug 1861847) and Chrome reporting their CPU architecture as "Linux x86_64": https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-5

Goals:

1. Reduce fingerprintable entropy exposed to web content. Few websites should need to distinguish 32-bit x86 Linux users from x86_64 Linux users. One of the few that did was Mozilla's own Firefox download page and it has now been updated to use distro packages instead of sniffing the UA string to offer Mozilla's architecture-specific installer binaries. (See bugs https://github.com/mozilla/bedrock/issues/12966 and https://github.com/mozilla/bedrock/issues/14012.)

2. Reduce risk of webcompat problems from websites not recognizing unexpected CPU architectures. (Example: in bug 1861847, YouTube treated ARM64 Linux as a mobile device)

This "freezeCpu" pref controls this UA string code path:

https://searchfox.org/mozilla-central/rev/1f27a4022f9f1269d897526c1c892a57743e650c/netwerk/protocol/http/nsHttpHandler.cpp#931-937

The UA string tests already check the "freezeCpu" pref to test for either "Linux x86_64" or the actual CPU architecture:

https://searchfox.org/mozilla-central/rev/f602853ba8d55ba157e2a74d9b571615f6ed97b8/browser/components/resistfingerprinting/test/browser/browser_navigator.js#41-47,51

Comment 3

[Chris Peterson [:cpeterson]]

Too late for Fx 126. Targeting Fx 127.

Comment 4

[Pulsebot]

Pushed by cpeterson@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9bbef5e02e7a
Report non-x86_64 CPUs (including 32-bit x86) as "x86_64" in Linux User-Agent. r=necko-reviewers,kershaw

Comment 5

[Cosmin Sabou [:CosminS]]

https://hg.mozilla.org/mozilla-central/rev/9bbef5e02e7a

Comment 6

[Chris Peterson [:cpeterson]]

Release Note Request (optional, but appreciated)
[Why is this notable]: This change is a small improvement in desktop Linux user privacy and might fix some webcompat issues, but it also has a risk of introducing new webcompat issues.
[Affects Firefox for Android]: No. Only desktop Linux is affected.
[Suggested wording]: To reduce user fingerprinting information and the risk of some website compatibility issues, report 32-bit x86 Linux's CPU architecture as "x86_64" in Firefox's User-Agent string and navigator.platform and navigator.oscpu Web APIs.
[Links (documentation, blog post, etc)]:

Comment 7

[Pascal Chevrel:pascalc]

Note added to our 127 nightly release notes:
https://www.mozilla.org/en-US/firefox/127.0a1/releasenotes/