Tor Browser Bundle 8.0 (TBB) sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TBB 8.0, is also affected.
User report:[1]
https://blog.torproject.org/comment/277375#comment-277375Sanitize the add-on blocklist update URL
https://trac.torproject.org/projects/tor/ticket/16931related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/projects/tor/ticket/6734[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/projects/tor/ticket/6734 without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
/v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/60.2.0/Firefox/20180204030101/Linux_x86_64-gcc3/en-US/release/Linux 4.15.0-29-generic (GTK 3.22.30 libpulse 11.1.0)/default/default/1/1/new/""about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
(Score: 2) by jasassin on Wednesday September 26 2018, @03:19AM (2 children)
The thing that bothers me is that it was reported and noone appears to give a shit. This isn't like fixing some insdeous bug, it's hacking one line of code. I'm baffled.
I'd fix it but my addition of a // in the beginning of a line might confuse and anger them.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 2) by takyon on Wednesday September 26 2018, @03:48AM
Getting ready for the ultimate Tor-browser integration [soylentnews.org]?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by exaeta on Wednesday September 26 2018, @04:43AM
Mozilla is (probably) on the side of the NSA, what did you expect? There are lots of vulnerabilities in Firefox. I suspect many are intentional.
The Government is a Bird