intrigeri: > sajolida (2020-02-25): >> Surprisingly, it's not even clear to me what the implications of the >> Language and Region settings can be on privacy. So I'm moving the >> discussion to [email protected] in order to ask our fellow developers. > > First, most, if not all, exploited applications have access to > locale configuration. > > Wrt. network fingerprinting: > > - We have to assume that some applications may expose the system's > locale configuration as part of their network activity. > > - For Tor Browser and Thunderbird, our configuration tries to avoid > this (best effort) but it's impossible to prove we did not > miss anything. > > Wrt. local storage: > > - If an adversary can read the content of the persistent storage, I'm > pretty sure that the locale configuration can be easily inferred > from that. > > - If/once we allow persisting the locale in cleartext on the system > partition, this information will be available to an adversary > who seizes the Tails device.
Thanks for the technical details! So it will really not be easy to explain practical the implications in a simple way. I stored this info on #17532 but I won't make it part of our priorities right now because the cost/benefit is really not clear to me. -- sajolida Tails — https://tails.boum.org/ UX · Fundraising · Technical Writing _______________________________________________ Tails-dev mailing list [email protected] https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
