Closed Bug 1974361 Opened 3 months ago Closed 3 months ago

Locale information is leaking even when resist.fingerprinting is turned on

Categories

(Core :: Privacy: Anti-Tracking, defect)

Product:
Core
Component:
Privacy: Anti-Tracking
Version:
Firefox 139
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1671850

People

(Reporter: qwerty098, Unassigned)

Details

Attachments

(3 files)

firefox.png
255.27 KB, image/png
Details
firefox 2.png
413.78 KB, image/png
Details
confirmation-dialog-de.png
372.91 KB, image/png
Details
Attached image firefox.png

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Steps to reproduce:

  1. Visit browserleaks website
  2. Click on JavaScript section

Actual results:

It display my actual locale, en-AU.

Expected results:

It should be displayed as en-US

Attached image firefox 2.png

Even the support article on Firefox website says the following-

The locale is reported as en-US.

Do you have privacy.spoof_english set?

Flags: needinfo?(qwerty098)
Component: Untriaged → Privacy: Anti-Tracking
Product: Firefox → Core

(In reply to Tom Schuster (MoCo) from comment #2)

Do you have privacy.spoof_english set?

I haven't touched any settings other than setting privacy.resistFingerprinting to true. For spoof_english, it is 0.

A user on reddit told me to check navigator.language(s) in the console and it displayed "en-US" , "en" but for some reason browserleaks shows my true value en-AU.

Flags: needinfo?(qwerty098)

When flipping privacy.resistFingerprinting you are shown a confirmation dialog about whether you'd like to spoof your locale to websites (german version attached).

It is this string. You need to confirm by clicking "Yes" to also spoof the language. privacy.spoof_english will be set to 2 by doing so (at least for me when I tested this now). Clicking on "No" leads the the result you screenshotted of language leaking to website (https://browserleaks.com/javascript)

spoof_english only prompts if locale is not en* - so en-NZ, en-CA, en-GB etc users are never prompted. I opened Bug 1671850 5 years ago. If OP manually enables spoof_english then it works.

Note, ignoring spoof_english... if your language is xx, xx-YY and your system language's xx part matches, then your system's language will be used as locale. So in this case, if the app is en-US, all english systems will report the system's locale, and there are over 100 of them for english alone (at least in Intl)

This is not an issue at Tor Project since we only ship a single english app language (en-US), and enforce languages (intl.accept_languages - we even took away the UI) and enforce locales to match languages

Status: UNCONFIRMED → RESOLVED
Closed: 3 months ago
Duplicate of bug: 1671850
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: