Re: [Tails-ux] Tails Greeter settings

Delete this message

Reply to this message
Author: duc01k
Date:  
To: tails-ux@boum.org
Subject: Re: [Tails-ux] Tails Greeter settings
Accidentally sent the following reply March 8 direct to Intrigeri
instead of the list. Correcting that now.

Intrigeri:
> Hi,
>
> sajolida (2020-02-25):
>> Surprisingly, it's not even clear to me what the implications of the
>> Language and Region settings can be on privacy. So I'm moving the
>> discussion to tails-dev@??? in order to ask our fellow developers.
>
> First, most, if not all, exploited applications have access to
> locale configuration.
>
> Wrt. network fingerprinting:
>
>  - We have to assume that some applications may expose the system's
>    locale configuration as part of their network activity.

>
>  - For Tor Browser and Thunderbird, our configuration tries to avoid
>    this (best effort) but it's impossible to prove we did not
>    miss anything.

>
> Wrt. local storage:
>
>  - If an adversary can read the content of the persistent storage, I'm
>    pretty sure that the locale configuration can be easily inferred
>    from that.

>
>  - If/once we allow persisting the locale in cleartext on the system
>    partition, this information will be available to an adversary
>    who seizes the Tails device.

>


What I'm hearing is that changing locale is a significant
fingerprinting, therefore privacy, risk.

Maybe a message should be displayed when people make a change to the
locale settings in Greeter explaining the additional risk and asking
them to confirm before proceeding?