1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
commit d20c7d929c84
Author: Ethan <ettseng@mozilla.com>
Date: Fri Sep 1 17:29:44 2017 +0800
Bug 1393283 - Use the last ESR version as the spoofed Firefox version. r=tihuang, r=mcmanus
---
.../test/browser/browser_navigator.js | 2 +-
netwerk/protocol/http/nsHttpHandler.cpp | 16 +++----
.../resistfingerprinting/nsRFPService.cpp | 56 ++++++++++++++++++++++
.../components/resistfingerprinting/nsRFPService.h | 3 ++
4 files changed, 66 insertions(+), 11 deletions(-)
diff --git browser/components/resistfingerprinting/test/browser/browser_navigator.js browser/components/resistfingerprinting/test/browser/browser_navigator.js
index 25c393d8bb2a..9f52e34a9451 100644
--- browser/components/resistfingerprinting/test/browser/browser_navigator.js
+++ browser/components/resistfingerprinting/test/browser/browser_navigator.js
@@ -91,7 +91,7 @@ add_task(async function setup() {
let appInfo = Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULAppInfo);
let appVersion = parseInt(appInfo.version);
- let spoofedVersion = appVersion - (appVersion % 10);
+ let spoofedVersion = appVersion - ((appVersion - 3) % 7);
spoofedUserAgent = `Mozilla/5.0 (${SPOOFED_OSCPU}; rv:${spoofedVersion}.0) Gecko/20100101 Firefox/${spoofedVersion}.0`;
});
diff --git netwerk/protocol/http/nsHttpHandler.cpp netwerk/protocol/http/nsHttpHandler.cpp
index 31d0f8832732..b957d835b52f 100644
--- netwerk/protocol/http/nsHttpHandler.cpp
+++ netwerk/protocol/http/nsHttpHandler.cpp
@@ -461,16 +461,12 @@ nsHttpHandler::Init()
mAppVersion.AssignLiteral(MOZ_APP_UA_VERSION);
}
- // Generating the spoofed userAgent for fingerprinting resistance.
- // The browser version will be rounded down to a multiple of 10.
- // By doing so, the anonymity group will cover more versions instead of one
- // version.
- uint32_t spoofedVersion = mAppVersion.ToInteger(&rv);
- if (NS_SUCCEEDED(rv)) {
- spoofedVersion = spoofedVersion - (spoofedVersion % 10);
- mSpoofedUserAgent.Assign(nsPrintfCString(
- "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
- SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
+ // Generating the spoofed User Agent for fingerprinting resistance.
+ rv = nsRFPService::GetSpoofedUserAgent(mSpoofedUserAgent);
+ if (NS_FAILED(rv)) {
+ // Empty mSpoofedUserAgent to make sure the unsuccessful spoofed UA string
+ // will not be used anywhere.
+ mSpoofedUserAgent.Truncate();
}
mSessionStartTime = NowInSeconds();
diff --git toolkit/components/resistfingerprinting/nsRFPService.cpp toolkit/components/resistfingerprinting/nsRFPService.cpp
index 94554200c3b8..96a2940c04a0 100644
--- toolkit/components/resistfingerprinting/nsRFPService.cpp
+++ toolkit/components/resistfingerprinting/nsRFPService.cpp
@@ -18,10 +18,13 @@
#include "nsServiceManagerUtils.h"
#include "nsString.h"
#include "nsXULAppAPI.h"
+#include "nsPrintfCString.h"
#include "nsIObserverService.h"
#include "nsIPrefBranch.h"
#include "nsIPrefService.h"
+#include "nsIXULAppInfo.h"
+#include "nsIXULRuntime.h"
#include "nsJSUtils.h"
#include "prenv.h"
@@ -162,6 +165,59 @@ nsRFPService::GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t
return NSToIntFloor(time * sVideoFramesPerSec * ((100 - boundedDroppedRatio) / 100.0));
}
+/* static */
+nsresult
+nsRFPService::GetSpoofedUserAgent(nsACString &userAgent)
+{
+ // This function generates the spoofed value of User Agent.
+ // We spoof the values of the platform and Firefox version, which could be
+ // used as fingerprinting sources to identify individuals.
+ // Reference of the format of User Agent:
+ // https://developer.mozilla.org/en-US/docs/Web/API/NavigatorID/userAgent
+ // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
+
+ nsresult rv;
+ nsCOMPtr<nsIXULAppInfo> appInfo =
+ do_GetService("@mozilla.org/xre/app-info;1", &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsAutoCString appVersion;
+ rv = appInfo->GetVersion(appVersion);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // The browser version will be spoofed as the last ESR version.
+ // By doing so, the anonymity group will cover more versions instead of one
+ // version.
+ uint32_t firefoxVersion = appVersion.ToInteger(&rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Starting from Firefox 10, Firefox ESR was released once every seven
+ // Firefox releases, e.g. Firefox 10, 17, 24, 31, and so on.
+ // We infer the last and closest ESR version based on this rule.
+ nsCOMPtr<nsIXULRuntime> runtime =
+ do_GetService("@mozilla.org/xre/runtime;1", &rv);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ nsAutoCString updateChannel;
+ rv = runtime->GetDefaultUpdateChannel(updateChannel);
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // If we are running in Firefox ESR, determine whether the formula of ESR
+ // version has changed. Once changed, we must update the formula in this
+ // function.
+ if (updateChannel.Equals("esr")) {
+ MOZ_ASSERT(((firefoxVersion % 7) == 3),
+ "Please udpate ESR version formula in nsRFPService.cpp");
+ }
+
+ uint32_t spoofedVersion = firefoxVersion - ((firefoxVersion - 3) % 7);
+ userAgent.Assign(nsPrintfCString(
+ "Mozilla/5.0 (%s; rv:%d.0) Gecko/%s Firefox/%d.0",
+ SPOOFED_OSCPU, spoofedVersion, LEGACY_BUILD_ID, spoofedVersion));
+
+ return rv;
+}
+
nsresult
nsRFPService::Init()
{
diff --git toolkit/components/resistfingerprinting/nsRFPService.h toolkit/components/resistfingerprinting/nsRFPService.h
index cf1f688bb992..bad80383883b 100644
--- toolkit/components/resistfingerprinting/nsRFPService.h
+++ toolkit/components/resistfingerprinting/nsRFPService.h
@@ -49,6 +49,9 @@ public:
static uint32_t GetSpoofedDroppedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
static uint32_t GetSpoofedPresentedFrames(double aTime, uint32_t aWidth, uint32_t aHeight);
+ // This method generates the spoofed value of User Agent.
+ static nsresult GetSpoofedUserAgent(nsACString &userAgent);
+
private:
nsresult Init();
|
