Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT!!
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/comment/277375#comment-277375
- Sanitize the add-on blocklist update URL
https://trac.torproject.org/projects/tor/ticket/16931
related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/projects/tor/ticket/6734
related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/projects/tor/ticket/22966
[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/projects/tor/ticket/6734 without fix this privacy issue.
>From Ubuntu 18.04.1 LiveCD
/v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/60.2.0/Firefox/20180204030101/Linux_x86_64-gcc3/en-US/release/Linux 4.15.0-29-generic (GTK 3.22.30 libpulse 11.1.0)/default/default/1/1/new/"
"about:config
extensions.blocklist.url"
"Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
WTF?
Reply to: