Clarify the privacy implication of setting a locale
Originally created by @sajolida on #17532 (Redmine)
Question raised in https://lists.autistici.org/message/20200103.094500.22ffbd74.en.html
Answered in https://lists.autistici.org/message/20200228.074212.684e7e99.en.html
First, most, if not all, exploited applications have access to
locale configuration.
Wrt. network fingerprinting:
- We have to assume that some applications may expose the system’s
locale configuration as part of their network activity.
- For Tor Browser and Thunderbird, our configuration tries to avoid
this (best effort) but it’s impossible to prove we did not
miss anything.
Wrt. local storage:
- If an adversary can read the content of the persistent storage,
I’m
pretty sure that the locale configuration can be easily inferred
from that.
- If/once we allow persisting the locale in cleartext on the system
partition, this information will be available to an adversary
who seizes the Tails device.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information