Tor Browser Bundle 8.0 (TBB) sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TBB 8.0, is also affected.
User report:[1]
https://blog.torproject.org/comment/277375#comment-277375Sanitize the add-on blocklist update URL
https://trac.torproject.org/projects/tor/ticket/16931related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/projects/tor/ticket/6734[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/projects/tor/ticket/6734 without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
/v1/blocklist/3/%7Bec8030f7-c20a-464f-9b0e-13a3a9e97384%7D/60.2.0/Firefox/20180204030101/Linux_x86_64-gcc3/en-US/release/Linux 4.15.0-29-generic (GTK 3.22.30 libpulse 11.1.0)/default/default/1/1/new/""about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
(Score: 2) by RamiK on Wednesday September 26 2018, @07:51PM
You use javascript enabled browsers. Many of which to access sites with server-side functionality. And I doubt you read through the code when you do "permit" updates so it's not an informed consent regardless...
Unless you read Mozilla's code, you're already putting your safety in their hands. Knowingly or otherwise.
compiling...