Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:
 |  mikeperry
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  TorBrowserButton |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-fingerprinting, tbb-pref,|  Actual Points:
  MikePerry201402R   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by dcf):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 Replying to [comment:18 xfix]:
 > The bug appears to still exist, and can be checked on
 https://hsivonen.com/test/moz/check-charset.htm

 Thanks for this. I've checked it out, and it appears to be a separate
 issue from this ticket. So I've re-closed this ticket and opened a new
 one: #20025.

 Strangely, I can only reproduce #20025 on an HTTPS server with HSTS. I
 tested several variations, including Content-Encoding, and HSTS is the
 only factor that seemed to make it work. The hsivonen.com server has HSTS.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:
 |  mikeperry
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  TorBrowserButton |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb-pref,|  Actual Points:
  MikePerry201402R   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by xfix):

 The bug appears to still exist, and can be checked on
 https://hsivonen.com/test/moz/check-charset.htm

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:
 |  mikeperry
 Type:  defect   | Status:
 |  reopened
 Priority:  Medium   |  Milestone:
Component:  TorBrowserButton |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-fingerprinting, tbb-pref,|  Actual Points:
  MikePerry201402R   |
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by xfix):

 * status:  closed => reopened
 * resolution:  fixed =>
 * severity:   => Normal


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  closed
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:  fixed|  MikePerry201402R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by dcf):

 Replying to [comment:15 mikeperry]:
 > Ok, I set intl.charset.default to windows-1252 in our prefs override
 file. This should appear first in 3.6-beta, but maybe a nightly at
 https://people.torproject.org/~linus/builds/ will appear first.

 Thanks. It occurs to me that this is one of the things that support wants
 to be advised of, because it will potentially break the rendering of some
 pages.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  closed
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:  fixed|  MikePerry201402R
Actual Points:   |  Parent ID:
   Points:   |
-+-
Changes (by mikeperry):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Ok, I set intl.charset.default to windows-1252 in our prefs override file.
 This should appear first in 3.6-beta, but maybe a nightly at
 https://people.torproject.org/~linus/builds/ will appear first.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201402R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by dcf):

 Replying to [comment:13 mikeperry]:
 > We can also remove the code that blacklists UTF-8, if you still think
 that is a better choice?

 Let's do windows-1252 for all locales. I enhanced my detector script to
 distinguish iso-8859-1 and windows-1252, and it turns out that the en-US
 default in 24ESR and 28 beta is windows-1252. windows-1252 is a superset
 of iso-8859-1, it's what Mozilla recommends for a fallback, and it's what
 their `FallbackEncoding::Get` falls back to if it can't understand the
 locale.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201402R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by mikeperry):

 We can also remove the code that blacklists UTF-8, if you still think that
 is a better choice?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201402R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by dcf):

 Replying to [comment:10 mikeperry]:
 > dcf1: Apparently post FF28, the new pref is
 "intl.charset.fallback.override". Can you check real quick if that still
 works for your tests, and either update
 https://bugzilla.mozilla.org/show_bug.cgi?id=967981, or ping back here?
 >
 > Just trying to save us a little panic around FF31esr if we merge this.

 It looks like intl.charset.fallback.override is the right preference, but
 it [http://dxr.mozilla.org/mozilla-
 central/source/dom/encoding/FallbackEncoding.cpp#51 doesn't work to set it
 to utf-8] (it only works to set it to something else like iso-8859-1).
 More below.

 I tried the ru Firefox 18 beta:
 http://download-
 installer.cdn.mozilla.net/pub/firefox/releases/28.0b1/SHA512SUMS
 http://download-
 installer.cdn.mozilla.net/pub/firefox/releases/28.0b1/SHA512SUMS.asc
 http://download-installer.cdn.mozilla.net/pub/firefox/releases/28.0b1
 /linux-x86_64/ru/firefox-28.0b1.tar.bz2

 Before changing anything, the detector finds the fallback as windows-1251,
 as expected for Russian.

 [[Image(firefox-28.0b1-virgin.png)]]

 I set intl.charset.fallback.override=utf-8:

 [[Image(firefox-28.0b1-intl.charset.fallback.override=utf-8.png)]]

 There was no change in the detection:

 [[Image(firefox-28.0b1-utf-8.png)]]

 I set intl.charset.fallback.override=iso-8859-1:

 [[Image(firefox-28.0b1-intl.charset.fallback.override=iso-8859-1.png)]]

 It caused the fallback to change to iso-8859-1. The same with iso-8859-2
 and others.

 [[Image(firefox-28.0b1-iso-8859-1.png)]]

 I found some source code that says that utf-8 is specifically blacklisted
 from being set for this preference. That makes me think we should go with
 iso-8859-1 (or windows-1252 [https://developer.mozilla.org/en-
 US/docs/Localizations_and_character_encodings#Specifying_the_fallback_encoding
 as recommended]) for 24ESR. (Note windows-125'''1''' is Russian and
 windows-125'''2''' is English/European.)

 http://dxr.mozilla.org/mozilla-
 central/source/dom/encoding/FallbackEncoding.cpp#51

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201402R
Actual Points:   |  Parent ID:
   Points:   |
-+-
Changes (by mikeperry):

 * keywords:  tbb-fingerprinting, tbb-pref, MikePerry201401R => tbb-
 fingerprinting, tbb-pref, MikePerry201402R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201401R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by mikeperry):

 dcf1: Apparently post FF28, the new pref is
 "intl.charset.fallback.override". Can you check real quick if that still
 works for your tests, and either update
 https://bugzilla.mozilla.org/show_bug.cgi?id=967981, or ping back here?

 Just trying to save us a little panic around FF31esr if we merge this.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201401R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by dcf):

 There is a question of whether we should set the default to
 [https://en.wikipedia.org/wiki/Utf-8 UTF-8] or
 [https://en.wikipedia.org/wiki/Windows-1252 Windows-1252]. I would
 normally say, "just use UTF-8," but I read https://developer.mozilla.org
 /en-
 US/docs/Localizations_and_character_encodings#Specifying_the_fallback_encoding:
 > In order to avoid the problem of Web authors creating new UTF-8 content
 without declaring that the content uses UTF-8 and in order to maximize the
 ability of users to read content cross-locale, ''do not'' set the fallback
 encoding to UTF-8 for any newly-introduced localization.
 and
 > When in doubt, use windows-1252 as the fallback encoding.

 Still, my recommendation is to use UTF-8. Mozilla wants to encourage
 authors to declare their encodings, but that's not our goal. The effect of
 choosing one over the other is probably small anyway. The choice only
 affects web pages that do not declare their encoding, and UTF-8 and
 Windows-1252 are the same in the first 128 code points, I think.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201401R
Actual Points:   |  Parent ID:
   Points:   |
-+-

Comment (by dcf):

 The [[ticket:10140|ja]] (Japanese) bundle uses
 [https://en.wikipedia.org/wiki/Shift_JIS Shift JIS] as a fallback
 encoding, making it also distinct.

  * utf-8: ã %C3%A3
  * iso-8859-1: ã %C3%83%C2%A3
  * iso-8859-2: ĂŁ %C4%82%C5%81
  * windows-1251: ГЈ %D0%93%D0%88
  * euc-kr: 찾 %EC%B0%BE
  * gbk: 茫 %E8%8C%AB
  * shift_jis: ﾃ｣ %EF%BE%83%EF%BD%A3

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
-+-
 Reporter:  dcf  |  Owner:  mikeperry
 Type:  defect   | Status:  needs_review
 Priority:  normal   |  Milestone:
Component:   |Version:
  TorBrowserButton   |   Keywords:  tbb-fingerprinting, tbb-pref,
   Resolution:   |  MikePerry201401R
Actual Points:   |  Parent ID:
   Points:   |
-+-
Changes (by mikeperry):

 * keywords:  tbb-fingerprinting => tbb-fingerprinting, tbb-pref,
 MikePerry201401R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
   Resolution:|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|
--+

Comment (by dcf):

 Replying to [comment:5 gk]:
 > What should get reviewed giving your description and the changed
 behavior in Fx 28?

 Just the idea of setting intl.charset.default=UTF-8.

 That, and figuring out if we'll need to do anything special in the next
 Firefox.

 I have a proof-of-concept implementation of the charset detection that I
 can send you if you want.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
   Resolution:|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|
--+
Changes (by gk):

 * cc: gk (added)


Comment:

 What should get reviewed giving your description and the changed behavior
 in Fx 28?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
   Resolution:|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|
--+

Comment (by dcf):

 Replying to [ticket:10703 dcf]:
 > JavaScript in the HTML measures the size of the rendered characters.

 Actually it's even easier than measuring the size. You can look at the
 `innerHTML` and get a string with exactly the decoded characters in it.
 Here is what `encodeURIComponent(elem.innerHTML)` looks like for the
 example sequence "\xc3\a3":
  * utf-8: ã %C3%A3
  * iso-8859-1: ã %C3%83%C2%A3
  * iso-8859-2: ĂŁ %C4%82%C5%81
  * windows-1251: ГЈ %D0%93%D0%88
  * euc-kr: 찾 %EC%B0%BE
  * gbk: 茫 %E8%8C%AB

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  needs_review
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
   Resolution:|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|
--+
Changes (by dcf):

 * status:  new => needs_review


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  new
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
   Resolution:|   Keywords:  tbb-fingerprinting
Actual Points:|  Parent ID:
   Points:|
--+
Changes (by dcf):

 * keywords:  tbb-fingerprints => tbb-fingerprinting


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+--
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  new
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
   Resolution:|   Keywords:  tbb-fingerprints
Actual Points:|  Parent ID:
   Points:|
--+--

Comment (by dcf):

 Here's where the fallback charset is exposed in the UI.
 Edit→Preferences→Content→Fonts & Colors→Advanced→Character Encoding for
 Legacy Content.

 en-US ISO-8859-1:
 [[Image(fonts-en_US.png)]]

 pl ISO-8859-2:
 [[Image(fonts-pl.png)]]

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #10703 [TorBrowserButton]: Fallback charset enables fingerprinting of bundle localization

[Tor Bug Tracker & Wiki]

#10703: Fallback charset enables fingerprinting of bundle localization
--+---
 Reporter:  dcf   |  Owner:  mikeperry
 Type:  defect| Status:  new
 Priority:  normal|  Milestone:
Component:  TorBrowserButton  |Version:
 Keywords:  tbb-fingerprints  |  Actual Points:
Parent ID:| Points:
--+---
 Torbutton has the `spoof_english` pref that changes the value of the
 `Accept-Language` header to `en-us,en;q=0.5`; this cloaks what particular
 localized bundle you may be using. But localized bundles still differ in
 their default (fallback) charset. By figuring out what characters a byte
 sequence decodes as, it's possible to find out what charset is in use.

 The attack goes like this. The web server sends an HTML page with no
 declared charset, neither in the HTTP header (`Content-Type`) nor in the
 HTML (`). The HTML contains one or more byte sequences
 that stand for different characters in different charsets. JavaScript in
 the HTML measures the size of the rendered characters. By including a few
 different byte sequences, it's probably possible to fingerprint all the
 possible TBB localizations.

 It looks like our current bundles may come with any of 6 different default
 charsets:
  * [https://en.wikipedia.org/wiki/UTF-8 utf-8]: ar fa
  * [https://en.wikipedia.org/wiki/ISO/IEC_8859-1 iso-8859-1]: de es-ES fr
 it nl pt-PT vi
  * [https://en.wikipedia.org/wiki/ISO/IEC_8859-2 iso-8859-2]: pl
  * [https://en.wikipedia.org/wiki/Windows-1251 windows-1251]: ru
  * [https://en.wikipedia.org/wiki/EUC-KR#EUC-KR euc-kr]: ko
  * [https://en.wikipedia.org/wiki/GBK gbk]: zh
 I found these by grepping the langpacks' unpacked `*.xpi` files for
 "[http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries#Intl.
 intl.charset.default]".

 As an example of how byte sequences can be variously decoded, here are
 decodings of "\xc3\xa3":
  * utf-8: ã
  * iso-8859-1: ã
  * iso-8859-2: ĂŁ
  * windows-1251: ГЈ
  * euc-kr: 찾
  * gbk: 茫
 That is, an HTML page can contain the sequence "\xc3\xa3" and it will
 render as different characters depending on the charset in effect.

 A possible solution is just to force intl.charset.default to UTF-8 in all
 localizations. Here are some Mozilla bugs I found that are relevant to
 setting this pref to UTF-8:
 [https://bugzilla.mozilla.org/show_bug.cgi?id=910165 910165]
 [https://bugzilla.mozilla.org/show_bug.cgi?id=406498 406498]
 [https://bugzilla.mozilla.org/show_bug.cgi?id=536506 536506]
 [https://bugzilla.mozilla.org/show_bug.cgi?id=910169 910169].

 Also see https://developer.mozilla.org/en-
 US/docs/Localizations_and_character_encodings#Specifying_the_fallback_encoding,
 which indicates that Firefox's behavior with respect to the fallback
 charset will change:
 > As of Firefox 28, this section is obsolete, since the preference
 intl.charset.default no longer exists. The mapping from locales onto
 fallback encodings is now built into Gecko itself.
 In the best case, this could be interpreted to mean that the
 `spoof_english` setting will become sufficient, and the fallback will
 become as it would be for en-US. Or it might just mean that the preference
 is moved to somewhere inside Gecko. It seems the relevant bug is
 [https://bugzilla.mozilla.org/show_bug.cgi?id=910192 910192: Get rid of
 intl.charset.default as a localizable pref and deduce the fallback...].

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs