Skip to content

GitLab

Open
Created by sajolida@sajolidaMaintainer

Clarify the privacy implication of setting a locale

Originally created by @sajolida on #17532 (Redmine)

Question raised in https://lists.autistici.org/message/20200103.094500.22ffbd74.en.html

Answered in https://lists.autistici.org/message/20200228.074212.684e7e99.en.html

First, most, if not all, exploited applications have access to
locale configuration.

Wrt. network fingerprinting:

  • We have to assume that some applications may expose the system’s
    locale configuration as part of their network activity.
  • For Tor Browser and Thunderbird, our configuration tries to avoid
    this (best effort) but it’s impossible to prove we did not
    miss anything.

Wrt. local storage:

  • If an adversary can read the content of the persistent storage, I’m
    pretty sure that the locale configuration can be easily inferred
    from that.
  • If/once we allow persisting the locale in cleartext on the system
    partition, this information will be available to an adversary
    who seizes the Tails device.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information