Skip to content

Editorial: mark DefaultLocale as a fingerprinting vector #997

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ryzokuken merged 1 commit into from
May 5, 2025
Merged

Editorial: mark DefaultLocale as a fingerprinting vector #997

ryzokuken merged 1 commit into from
May 5, 2025

Conversation

@ryzokuken
Copy link
Member

@ryzokuken ryzokuken commented Apr 23, 2025

Add a normative note to the DefaultLocale AO to indicate that it can be used as a fingerprinting vector in browser environments.

Fixes #110

@ryzokuken ryzokuken added the editorial Involves an editorial fix label Apr 23, 2025
@ryzokuken ryzokuken requested a review from sffc April 23, 2025 15:15
@ryzokuken ryzokuken self-assigned this Apr 23, 2025
@ryzokuken
Copy link
Member Author

ryzokuken commented Apr 23, 2025

@sffc I tried taking a (rather minimal) stab at your comment at #110 (comment). Let me know how the phrasing feels.

@ryzokuken ryzokuken requested a review from gibson042 April 23, 2025 15:17
sffc
sffc reviewed Apr 23, 2025
View reviewed changes
Copy link
Contributor

@sffc sffc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This conveys the intent, I think. Mainly I want the spec to require that DefaultLocale derives from navigator.languages, such that DefaultLocale does not introduce any new entropy.

gibson042
gibson042 reviewed Apr 23, 2025
View reviewed changes
@ryzokuken @gibson042
Editorial: mark DefaultLocale as a fingerprinting vector
28e561b 
Add a normative note to the DefaultLocale AO to indicate that it can be used as a fingerprinting vector in browser environments.

Fixes tc39#110

Co-authored-by: Richard Gibson <[email protected]>
@ryzokuken ryzokuken requested a review from gibson042 May 5, 2025 09:22
@ryzokuken ryzokuken merged commit 6caa3fb into tc39:main May 5, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sffc sffc sffc left review comments

@gibson042 gibson042 gibson042 approved these changes

Assignees

@ryzokuken ryzokuken

Labels

editorial Involves an editorial fix

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Consider marking DefaultLocale as a fingerprinting vector

3 participants

@ryzokuken @sffc @gibson042