Clarify the privacy implication of setting a locale
Question raised in https://lists.autistici.org/message/20200103.094500.22ffbd74.en.html
First, most, if not all, exploited applications have access to
Wrt. network fingerprinting:
- We have to assume that some applications may expose the system’s
locale configuration as part of their network activity.
- For Tor Browser and Thunderbird, our configuration tries to avoid
this (best effort) but it’s impossible to prove we did not
Wrt. local storage:
- If an adversary can read the content of the persistent storage,
pretty sure that the locale configuration can be easily inferred
- If/once we allow persisting the locale in cleartext on the system
partition, this information will be available to an adversary
who seizes the Tails device.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information