Feature #17532

Clarify the privacy implication of setting a locale

Added by sajolida 2020-03-18 19:03:35 . Updated 2020-04-15 06:02:28 .

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Internationalization
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:

Starter:
Affected tool:
Welcome Screen
Deliverable for:

Description

Question raised in https://lists.autistici.org/message/20200103.094500.22ffbd74.en.html

Answered in https://lists.autistici.org/message/20200228.074212.684e7e99.en.html

First, most, if not all, exploited applications have access to
locale configuration.

Wrt. network fingerprinting:

  • We have to assume that some applications may expose the system’s
    locale configuration as part of their network activity.
  • For Tor Browser and Thunderbird, our configuration tries to avoid
    this (best effort) but it’s impossible to prove we did not
    miss anything.

Wrt. local storage:

  • If an adversary can read the content of the persistent storage, I’m
    pretty sure that the locale configuration can be easily inferred
    from that.
  • If/once we allow persisting the locale in cleartext on the system
    partition, this information will be available to an adversary
    who seizes the Tails device.

Subtasks

History

#1 Updated by sajolida 2020-03-18 19:04:18

I have no idea regarding how important this would be to document and it’s not trivial so I’m not making it part of core work for now.

#2 Updated by intrigeri 2020-04-15 06:02:28

  • Affected tool changed from Greeter to Welcome Screen