[Old - See Update] The New Tor Browser is Leaking Your Operating System

Submitted by sudo in Privacy (edited )

Update: Tor Browser 8.0.1 has fixed the bug, so it no longer leaks your operating system.

The latest version of Tor Browser (8.0) is leaking the user's operating system in the user agent. It seems that the Firefox developers decided not to spoof the OS part of the user agent when Firefox's "resist fingerprinting" option is enabled. Their reasoning for doing this is that there are lots of other ways for a website to detect the user's operating system, so if the website detects that the user agent is lying, that would make the user more unique, and therefore more fingerprint-able.

The Tor developers saw the change, and were confounded by how to circumvent it. But, it seems they ultimately decided not to, since they agreed with the reasoning of the Firefox developers. So, the Tor Browser user agent now shows your operating system.

The reasoning behind this change is indeed solid - except for those who disable Javascript. All of the "other ways" for determining a user's operating system rely on Javascript to function. If Javascript is disabled, then a website will have to rely on the user agent to determine the operating system. So, for people who disable Javascript in Tor Browser, this is actually a regression of anonymity, not a progression as it is for the others. What's worse, there is no way to spoof the operating system in the user agent without installing 3rd-party extensions, or modifying the Tor Browser source code.

Hopefully the Tor Browser developers can find a way to fix the Firefox user agent override bug, but until then, if you run Tor Browser with the Safest security settings, be warned that your anonymity is slightly less than what it used to be.


You must log in or register to comment.


GrimWillow wrote

People who hate JS are left in the dust, just like all the ludites that hated the industrial factories during their inception.