subject:"\[tor\-bugs\] #13496 \[Applications\/Tor Browser\]\: Write test for spoofed navigator\* values in workers"

Re: [tor-bugs] #13496 [Applications/Tor Browser]: Write test for spoofed navigator* values in workers

2019-11-09 Thread Tor Bug Tracker & Wiki

#13496: Write test for spoofed navigator* values in workers
--+-
 Reporter:  gk|  Owner:  gk
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff38-esr, tbb-testcase|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by Thorin):

 Replying to [comment:1 gk]:
 > A preliminary test is in bug_13496 in my public test repo. Reminder:
 don't forget to test nested workers.

 I think we can close this. Override prefs are not used anymore see tom's
 comment - https://trac.torproject.org/projects/tor/ticket/27268#comment:18
 "Yeah all of these should be deleted from tor's js file. With RFP enabled
 they do nothing"

 ---

 PS: FYI: I know this is not what the ticket was for, but you can go to
 https://securehomes.esat.kuleuven.be/~gacar/dev/worker_test.html which
 shows web workers return RFP values (although some spoofed values are the
 real values, e.g Win32 on windows machines) - I might add this to TZP but
 it's probably a waste of time

 PPS: do you want me to test RFP UA spoofing in nested WebWorkers? Or would
 that also be a waste of time - anyway, feel free to close this

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13496 [Applications/Tor Browser]: Write test for spoofed navigator* values in workers

2019-11-12 Thread Tor Bug Tracker & Wiki

#13496: Write test for spoofed navigator* values in workers
--+-
 Reporter:  gk|  Owner:  gk
 Type:  task  | Status:  new
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff38-esr, tbb-testcase|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+-

Comment (by gk):

 I think we should make a decision about closing that one once we move to a
 non-ESR Firefox and are sure the regular Firefox tests available for
 spoofing are enough. If not, we can use this ticket to write missing ones,
 otherwise close it.

 Thorin: It sounds there might be tests missing (reading you PPS)? If so,
 feel free to go ahead and check it out.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13496 [Applications/Tor Browser]: Write test for spoofed navigator* values in workers

2020-04-30 Thread Tor Bug Tracker & Wiki

#13496: Write test for spoofed navigator* values in workers
--+--
 Reporter:  gk|  Owner:  tbb-team
 Type:  task  | Status:  assigned
 Priority:  Medium|  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  ff38-esr, tbb-testcase|  Actual Points:
Parent ID:| Points:
 Reviewer:|Sponsor:
--+--

Comment (by Thorin):

 @gk: tests you say... ok then (RFP passes every single test I can think
 of: excluding feature detection)

 - Firefox (use a non-68 release)
 - flip RFP on
 - while I'm still in the process of finishing building these into TZP, you
 can use kkapsner's test [1]
 - this tests open.window(), iframe, nested iframe, "sneaky" iframe, some
 other iframe, web worker, shared worker, service worker, nested workers,
 worker from blob ... etc
 - I've tested kkapsner's test with RFP off and UA spoofing extensions that
 fail to cover iframes etc
 - for those following along at home: ignore the red line that says headers
 is different to navigator (that's by design)

 [1] https://canvasblocker.kkapsner.de/test/navigatorTest.php

 As for what tests are upstream, it seems limited
  - https://dxr.mozilla.org/mozilla-
 
central/source/browser/components/resistfingerprinting/test/browser/browser_navigator.js
  - ^^ includes a worker test

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #13496 [Applications/Tor Browser]: Write test for spoofed navigator* values in workers

Re: [tor-bugs] #13496 [Applications/Tor Browser]: Write test for spoofed navigator* values in workers

Re: [tor-bugs] #13496 [Applications/Tor Browser]: Write test for spoofed navigator* values in workers

3 matches

Site Navigation

Mail list logo

Footer information