On Sat, Sep 26, 2020 at 11:31:46AM -0700, joel04g_t535e@secmail.pro wrote:
With javascript enabled, websites can know If you use linux or windows. In my opinion, this is more information than a website should have.
As a linux user, I visited panopticlick.eff.org and did the browser fingerprint test. The results revealed my platform to be "Linux x86_64".
Is there a way that Tor devs can make Tor browser spoof this value to be the same for all users or random, regardless of OS?
No, not easily. There is the semi-easy OS leak in the web API where Tor Browser provides the correct OS in |navigator.useragent| (see [0] for that reasoning, and [1] for a tracking bug). However there exist additional leaks [2][3][4] where the OS could be identified even if we plugged the easy one. There are likely more, as well. This should not be interpretted as an unwillingness to plug all the holes, but the rabbit hole goes very deep and our time is very limited.
[0] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/26146 [1] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/28290 [2] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/18097 [3] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/29563 [4] https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/13018