gnu: icecat: correct useragent to GNU GuixSD.

Message ID 878tv0un7w.fsf@gnu.org
State New

Commit Message

Jan Nieuwenhuizen Sept. 10, 2016, 9:18 a.m. UTC
Hi!

Attached simple patch fixes spreading of the terribly ignoring lie that
I would be running Windows NT.

I'm probably displaying unimaginable ignorance here but it's beyond me
why a project like Firefox would hardcode such a default.

Greetings,
Jan

Comments

Vincent Legoll Sept. 10, 2016, 10:01 a.m. UTC | #1
On Sat, Sep 10, 2016 at 11:18 AM, Jan Nieuwenhuizen <janneke@gnu.org> wrote:
> Attached simple patch fixes spreading of the terribly ignoring lie that
> I would be running Windows NT.
>
> I'm probably displaying unimaginable ignorance here but it's beyond me
> why a project like Firefox would hardcode such a default.

That's probably because sites often don't give you the same thing when
they detect that the useragent isn't an MS one...

The Linux kernel does the same wrt ACPI, for the same reasons
non such Sept. 10, 2016, 11:47 a.m. UTC | #2
Jan Nieuwenhuizen <janneke@gnu.org> writes:

> Hi!
>
> Attached simple patch fixes spreading of the terribly ignoring lie that
> I would be running Windows NT.
>
> I'm probably displaying unimaginable ignorance here but it's beyond me
> why a project like Firefox would hardcode such a default.

It is not hardcoded. You set up your profile, you configure it before the
build as the profile is a requirement. I guess that Icecat chose to go
with the Windows string for some reasons you can ask about on their
mailing list.

> Greetings,
> Jan
>
> From c203a34e3f07b8c7e6c0381ef07a9ebde4d0ae29 Mon Sep 17 00:00:00 2001
> From: Jan Nieuwenhuizen <janneke@gnu.org>
> Date: Sat, 10 Sep 2016 10:00:38 +0200
> Subject: [PATCH] gnu: icecat: correct useragent to GNU GuixSD.
>
> * gnu/packages/patches/icecat-fix-useragent.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/gnuzilla.scm (icecat): Use it.
> ---
>  gnu/local.mk                                    |  1 +
>  gnu/packages/gnuzilla.scm                       |  2 ++
>  gnu/packages/patches/icecat-fix-useragent.patch | 11 +++++++++++
>  3 files changed, 14 insertions(+)
>  create mode 100644 gnu/packages/patches/icecat-fix-useragent.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index dac938f..5b05628 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -571,6 +571,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/hypre-doc-tables.patch			\
>    %D%/packages/patches/hypre-ldflags.patch			\
>    %D%/packages/patches/icecat-avoid-bundled-includes.patch	\
> +  %D%/packages/patches/icecat-fix-useragent.patch		\
>    %D%/packages/patches/icecat-CVE-2016-2818-pt1.patch		\
>    %D%/packages/patches/icecat-CVE-2016-2818-pt2.patch		\
>    %D%/packages/patches/icecat-CVE-2016-2818-pt3.patch		\
> diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
> index 27c8ede..881e783 100644
> --- a/gnu/packages/gnuzilla.scm
> +++ b/gnu/packages/gnuzilla.scm
> @@ -5,6 +5,7 @@
>  ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
>  ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
>  ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
> +;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -306,6 +307,7 @@ standards.")
>          "1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb"))
>        (patches (search-patches
>                  "icecat-avoid-bundled-includes.patch"
> +                "icecat-fix-useragent.patch"
>                  "icecat-CVE-2016-2818-pt1.patch"
>                  "icecat-CVE-2016-2818-pt2.patch"
>                  "icecat-CVE-2016-2818-pt3.patch"
> diff --git a/gnu/packages/patches/icecat-fix-useragent.patch b/gnu/packages/patches/icecat-fix-useragent.patch
> new file mode 100644
> index 0000000..e588085
> --- /dev/null
> +++ b/gnu/packages/patches/icecat-fix-useragent.patch
> @@ -0,0 +1,11 @@
> +--- icecat-38.8.0/browser/app/profile/icecat.js.orig	2016-09-10 09:56:30.809082564 +0200
> ++++ icecat-38.8.0/browser/app/profile/icecat.js	2016-09-10 09:56:59.957522723 +0200
> +@@ -2134,7 +2134,7 @@ pref("social.directories", "");
> + // Spoof the useragent to a generic one
> + pref("general.useragent.compatMode.firefox",true);
> + // Spoof the useragent to a generic one
> +-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0");
> ++pref("general.useragent.override", "Mozilla/5.0 (GNU GuixSD 0.11.0; rv:38.0) Gecko/20100101 Firefox/38.0");
> + pref("general.appname.override", "Netscape");
> + pref("general.appversion.override", "38.0");
> + pref("general.buildID.override", "Gecko/20100101");
> -- 
> 2.10.0
>
>
> -- 
> Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
> Freelance IT http://JoyofSource.com | Avatar®  http://AvatarAcademy.nl
Brendan Tildesley Sept. 10, 2016, 12:39 p.m. UTC | #3
On 2016-09-10 19:18, Jan Nieuwenhuizen wrote:
> Hi!
>
> Attached simple patch fixes spreading of the terribly ignoring lie that
> I would be running Windows NT.
>
> I'm probably displaying unimaginable ignorance here but it's beyond me
> why a project like Firefox would hardcode such a default.
>
The user agent is a string that is freely provided to websites when you
connect. Changing the default user agent in Guix's Icecat to Guix means
that all Guix Icecat users will suddenly be identifiable by this datum,
and automated surveillance networks will pick this up, bulking our
browsing behaviour with other instances of the same user id, using that
to serve up advertising to us on sites or whatever, I haven't really
read much on this.
This is the current Icecat user string followed by the user string of my
version of Tor browser:

Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0

If we had Icecat 45 already, we would be helping Tor users be less
trackable, but as you can see, just 4 characters are different, which is
all that is needed to break anonymity. Perhaps there are still some
people using Tor Browser 38 that we are assisting, but I suspect not
many. I can't see how the version number would affect website behaviour
realistically, so perhaps we could maintain our instance of Icecat
patched with the latest Tor user agent instead, in order to assist Tor
users? On the other hand it is kinda *bleh* to be advertising myself as
a Windows user, skewing statistics, so it'd be nice to have a Linux,
GNU/Linux, or Guix user agent, so that published OS usage statistics
will display our mighty existence! User agents being changeable is
meaningless unless there is at least one large cluster of users with
some arbitrary string that can be chosen to hide with, so there may be
greater value in keeping "Windows NT". I'm not sure, what do others think?
Alex Vong Sept. 10, 2016, 12:47 p.m. UTC | #4
Hello,

Jan Nieuwenhuizen <janneke@gnu.org> writes:

> Hi!
>
> Attached simple patch fixes spreading of the terribly ignoring lie that
> I would be running Windows NT.
>
> I'm probably displaying unimaginable ignorance here but it's beyond me
> why a project like Firefox would hardcode such a default.
>
While this is not verified by icecat devs, I think this is the desired
behaviour, to prevent others from fingerprinting you as a GNU/Linux
user. For example, tor browser also reports the user agent as
'Windows NT 6.1'.

To change the (reported) user agent, you can either use
random-agent-spoofer to change user agent periodically or User Agent
Switcher to change to a particular user agent.

> Greetings,
> Jan
>
Cheers,
Alex

> From c203a34e3f07b8c7e6c0381ef07a9ebde4d0ae29 Mon Sep 17 00:00:00 2001
> From: Jan Nieuwenhuizen <janneke@gnu.org>
> Date: Sat, 10 Sep 2016 10:00:38 +0200
> Subject: [PATCH] gnu: icecat: correct useragent to GNU GuixSD.
>
> * gnu/packages/patches/icecat-fix-useragent.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/gnuzilla.scm (icecat): Use it.
> ---
>  gnu/local.mk                                    |  1 +
>  gnu/packages/gnuzilla.scm                       |  2 ++
>  gnu/packages/patches/icecat-fix-useragent.patch | 11 +++++++++++
>  3 files changed, 14 insertions(+)
>  create mode 100644 gnu/packages/patches/icecat-fix-useragent.patch
>
> diff --git a/gnu/local.mk b/gnu/local.mk
> index dac938f..5b05628 100644
> --- a/gnu/local.mk
> +++ b/gnu/local.mk
> @@ -571,6 +571,7 @@ dist_patch_DATA =						\
>    %D%/packages/patches/hypre-doc-tables.patch			\
>    %D%/packages/patches/hypre-ldflags.patch			\
>    %D%/packages/patches/icecat-avoid-bundled-includes.patch	\
> +  %D%/packages/patches/icecat-fix-useragent.patch		\
>    %D%/packages/patches/icecat-CVE-2016-2818-pt1.patch		\
>    %D%/packages/patches/icecat-CVE-2016-2818-pt2.patch		\
>    %D%/packages/patches/icecat-CVE-2016-2818-pt3.patch		\
> diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
> index 27c8ede..881e783 100644
> --- a/gnu/packages/gnuzilla.scm
> +++ b/gnu/packages/gnuzilla.scm
> @@ -5,6 +5,7 @@
>  ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
>  ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
>  ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
> +;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
>  ;;;
>  ;;; This file is part of GNU Guix.
>  ;;;
> @@ -306,6 +307,7 @@ standards.")
>          "1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb"))
>        (patches (search-patches
>                  "icecat-avoid-bundled-includes.patch"
> +                "icecat-fix-useragent.patch"
>                  "icecat-CVE-2016-2818-pt1.patch"
>                  "icecat-CVE-2016-2818-pt2.patch"
>                  "icecat-CVE-2016-2818-pt3.patch"
> diff --git a/gnu/packages/patches/icecat-fix-useragent.patch b/gnu/packages/patches/icecat-fix-useragent.patch
> new file mode 100644
> index 0000000..e588085
> --- /dev/null
> +++ b/gnu/packages/patches/icecat-fix-useragent.patch
> @@ -0,0 +1,11 @@
> +--- icecat-38.8.0/browser/app/profile/icecat.js.orig	2016-09-10 09:56:30.809082564 +0200
> ++++ icecat-38.8.0/browser/app/profile/icecat.js	2016-09-10 09:56:59.957522723 +0200
> +@@ -2134,7 +2134,7 @@ pref("social.directories", "");
> + // Spoof the useragent to a generic one
> + pref("general.useragent.compatMode.firefox",true);
> + // Spoof the useragent to a generic one
> +-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0");
> ++pref("general.useragent.override", "Mozilla/5.0 (GNU GuixSD 0.11.0; rv:38.0) Gecko/20100101 Firefox/38.0");
> + pref("general.appname.override", "Netscape");
> + pref("general.appversion.override", "38.0");
> + pref("general.buildID.override", "Gecko/20100101");
> -- 
> 2.10.0
Ludovic Courtès Sept. 10, 2016, 12:51 p.m. UTC | #5
Hello Jan,

Jan Nieuwenhuizen <janneke@gnu.org> skribis:

> --- /dev/null
> +++ b/gnu/packages/patches/icecat-fix-useragent.patch
> @@ -0,0 +1,11 @@
> +--- icecat-38.8.0/browser/app/profile/icecat.js.orig	2016-09-10 09:56:30.809082564 +0200
> ++++ icecat-38.8.0/browser/app/profile/icecat.js	2016-09-10 09:56:59.957522723 +0200
> +@@ -2134,7 +2134,7 @@ pref("social.directories", "");
> + // Spoof the useragent to a generic one
> + pref("general.useragent.compatMode.firefox",true);
> + // Spoof the useragent to a generic one
> +-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0");
> ++pref("general.useragent.override", "Mozilla/5.0 (GNU GuixSD 0.11.0; rv:38.0) Gecko/20100101 Firefox/38.0");

This would be a bad idea.  The user-agent string above was chosen so
that users fall into a large “anonymity set”.  If we applied this patch,
then web servers could trivially identify us.

On this topic, see:

  https://panopticlick.eff.org/

Ludo’.
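
An added illustration of the anonymity-set argument made in this thread (not part of any message and not IceCat or Guix code): it extracts `general.useragent.override` from the two pref lines in the patch and measures how many visitors in a sample share each string. The visitor counts are constructed, and only the User-Agent header is considered, not the other attributes a fingerprinting test combines.

```javascript
// Added example; visitor counts are constructed, not measurements.

// The two pref lines from the icecat.js hunk in this thread.
const PREF_BEFORE =
  'pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0");';
const PREF_AFTER =
  'pref("general.useragent.override", "Mozilla/5.0 (GNU GuixSD 0.11.0; rv:38.0) Gecko/20100101 Firefox/38.0");';

// Constructed sample: User-Agent values a site saw from 1023 other visitors.
const OTHER_VISITORS = new Map([
  ["Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0", 512],
  ["Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0", 127],
  ["(all other strings combined)", 384],
]);

// Pull the value of general.useragent.override out of prefs-file text.
function parseUserAgentOverride(prefsText) {
  const re =
    /^\s*pref\(\s*"general\.useragent\.override"\s*,\s*"((?:[^"\\]|\\.)*)"\s*\)\s*;/m;
  const m = re.exec(prefsText);
  return m ? m[1] : null;
}

// Anonymity set = visitors sending exactly this string, the subject included.
// bits = surprisal of the string, -log2(share): higher means more identifying.
function anonymityReport(otherVisitors, userAgent) {
  let total = 1; // the subject
  for (const count of otherVisitors.values()) total += count;
  const setSize = (otherVisitors.get(userAgent) || 0) + 1;
  return { setSize, total, bits: -Math.log2(setSize / total) };
}

// Report for the string before and after the patch, in that order.
function compare(prefBefore, prefAfter, otherVisitors) {
  return [prefBefore, prefAfter].map((text) => {
    const ua = parseUserAgentOverride(text);
    return { ua, ...anonymityReport(otherVisitors, ua) };
  });
}

for (const r of compare(PREF_BEFORE, PREF_AFTER, OTHER_VISITORS)) {
  console.log(`${r.setSize}/${r.total} visitors, ${r.bits.toFixed(1)} bits: ${r.ua}`);
}
```

With this sample the rv:38.0 Windows string and the rv:45.0 string already form separate sets, which is the "4 characters" point made earlier in the thread.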
non such Sept. 10, 2016, 12:52 p.m. UTC | #6
Hi,

Brendan Tildesley <brendan.tildesley@openmailbox.org> writes:

> On 2016-09-10 19:18, Jan Nieuwenhuizen wrote:
>> Hi!
>>
>> Attached simple patch fixes spreading of the terribly ignoring lie that
>> I would be running Windows NT.
>>
>> I'm probably displaying unimaginable ignorance here but it's beyond me
>> why a project like Firefox would hardcode such a default.
>>
> The user agent is a string that is freely provided to websites when you
> connect. Changing the default user agent in Guix's Icecat to Guix means
> that all Guix Icecat users will suddenly be identifiable by this datum,
> and automated surveillance networks will pick this up, bulking our
> browsing behaviour with other instances of the same user id, using that
> to serve up advertising to us on sites or whatever, I haven't really
> read much on this.
> This is the current Icecat user string followed by the user string of my
> version of Tor browser:
>
> Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
> Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0
>
> If we had Icecat 45 already, we would be helping Tor users be less
> trackable, but as you can see, just 4 characters are different, which is
> all that is needed to break anonymity. Perhaps there are still some
> people using Tor Browser 38 that we are assisting, but I suspect not
> many. I can't see how the version number would affect website behaviour
> realistically, so perhaps we could maintain our instance of Icecat
> patched with the latest Tor user agent instead, in order to assist Tor
> users? On the other hand it is kinda *bleh* to be advertising myself as
> a Windows user, skewing statistics, so it'd be nice to have a Linux,
> GNU/Linux, or Guix user agent, so that published OS usage statistics
> will display our mighty existence! User agents being changeable is
> meaningless unless there is at least one large cluster of users with
> some arbitrary string that can be chosen to hide with, so there may be
> greater value in keeping "Windows NT". I'm not sure, what do others think?
>
>

I agree and I am against applying this patch.
Jan Nieuwenhuizen Sept. 10, 2016, 2:27 p.m. UTC | #7
Ludovic Courtès writes:

> This would be a bad idea.  The user-agent string above was chosen so
> that users fall into a large “anonymity set”.  If we applied this patch,
> then web servers could trivially identify us.
>
> On this topic, see:
>
>   https://panopticlick.eff.org/

Thanks for the explanation!  With either user agent string, I get the
same results btw: unique fingerprint.  Of course, using GuixSD may be a
bit less common than Windows NT today, but times are changing ;-)

Greetings,
Jan

Patch

From c203a34e3f07b8c7e6c0381ef07a9ebde4d0ae29 Mon Sep 17 00:00:00 2001
From: Jan Nieuwenhuizen <janneke@gnu.org>
Date: Sat, 10 Sep 2016 10:00:38 +0200
Subject: [PATCH] gnu: icecat: correct useragent to GNU GuixSD.

* gnu/packages/patches/icecat-fix-useragent.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/gnuzilla.scm (icecat): Use it.
---
 gnu/local.mk                                    |  1 +
 gnu/packages/gnuzilla.scm                       |  2 ++
 gnu/packages/patches/icecat-fix-useragent.patch | 11 +++++++++++
 3 files changed, 14 insertions(+)
 create mode 100644 gnu/packages/patches/icecat-fix-useragent.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index dac938f..5b05628 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -571,6 +571,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/hypre-doc-tables.patch			\
   %D%/packages/patches/hypre-ldflags.patch			\
   %D%/packages/patches/icecat-avoid-bundled-includes.patch	\
+  %D%/packages/patches/icecat-fix-useragent.patch		\
   %D%/packages/patches/icecat-CVE-2016-2818-pt1.patch		\
   %D%/packages/patches/icecat-CVE-2016-2818-pt2.patch		\
   %D%/packages/patches/icecat-CVE-2016-2818-pt3.patch		\
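Review bot: The new dist_patch_DATA entry sits between icecat-avoid-bundled-includes.patch and the icecat-CVE-2016-2818 entries, which breaks the case-insensitive alphabetical order the surrounding lines follow (hypre-doc-tables, hypre-ldflags, icecat-avoid-..., icecat-CVE-...). Moving icecat-fix-useragent.patch below the icecat-CVE-* entries would keep the list sorted.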
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index 27c8ede..881e783 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -5,6 +5,7 @@ 
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -306,6 +307,7 @@  standards.")
         "1yb7a1zsqpra9cgq8hrzrbm5v31drb9367cwvwiksz0ngqy342hb"))
       (patches (search-patches
                 "icecat-avoid-bundled-includes.patch"
+                "icecat-fix-useragent.patch"
                 "icecat-CVE-2016-2818-pt1.patch"
                 "icecat-CVE-2016-2818-pt2.patch"
                 "icecat-CVE-2016-2818-pt3.patch"
diff --git a/gnu/packages/patches/icecat-fix-useragent.patch b/gnu/packages/patches/icecat-fix-useragent.patch
new file mode 100644
index 0000000..e588085
--- /dev/null
+++ b/gnu/packages/patches/icecat-fix-useragent.patch
@@ -0,0 +1,11 @@ 
+--- icecat-38.8.0/browser/app/profile/icecat.js.orig	2016-09-10 09:56:30.809082564 +0200
++++ icecat-38.8.0/browser/app/profile/icecat.js	2016-09-10 09:56:59.957522723 +0200
+@@ -2134,7 +2134,7 @@ pref("social.directories", "");
+ // Spoof the useragent to a generic one
+ pref("general.useragent.compatMode.firefox",true);
+ // Spoof the useragent to a generic one
+-pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0");
++pref("general.useragent.override", "Mozilla/5.0 (GNU GuixSD 0.11.0; rv:38.0) Gecko/20100101 Firefox/38.0");
+ pref("general.appname.override", "Netscape");
+ pref("general.appversion.override", "38.0");
+ pref("general.buildID.override", "Gecko/20100101");
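Review bot: The replacement value for general.useragent.override puts the distribution name and an exact release, "GNU GuixSD 0.11.0", into a string sent to every site, while the unchanged comment directly above still reads "Spoof the useragent to a generic one" and the neighbouring general.appname.override, general.appversion.override and general.buildID.override lines keep their generic values. The result is neither generic nor consistent: the comment no longer describes the pref, and the hardcoded 0.11.0 will go stale with the next release because it lives in a static patch file. If the change is wanted at all, drop the release number, update or remove the "generic" comment, and consider leaving the shipped default untouched so that users who want a distribution-specific string set it themselves. The new patch file also starts straight at the "---" header with no comment saying why it exists; a one-line description at the top would help later readers.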
-- 
2.10.0