Bug 1861847 - Hard code User-Agent string's CPU arch on Android, Linux, and other Unix-like platforms. r=necko-reviewers,kershaw

Freeze the CPU architecture reported in Firefox's `User-Agent` HTTP header and `navigator.userAgent` and `navigator.platform` Web APIs as `Linux armv81` on Android and `Linux x86_64` on Linux and other Unix-like platforms. Temporarily guard this change behind a pref so it can be disabled quickly, if needed. Goals: 1. Reduce fingerprintable entropy exposed to web content. 2. Reduce risk of webcompat problems from unexpected CPU architectures. Chrome's UA reduction effort made the same change in Chrome 107 (2022-10-25): https://www.chromium.org/updates/ua-reduction/#sample-ua-strings-phase-5. Firefox used to report the CPU architecture as "aarch64" on Android, but change to "armv81" to match Chrome and reduce the risk of future webcompat issues. For now, don't enable this pref for x86 Linux builds because Mozilla's Firefox download page checks the visitor's navigator.platform to determine whether to serve an x86 or x86_64 binary (or to direct users to a support page for other architectures, such as ARM64). If x86 and ARM64 Linux builds report they are "Linux x86_64", then the Firefox download pages will unknowingly serve those users an incompatible x86_64 binary. That issue will be resolved by Bedrock bugs https://github.com/mozilla/bedrock/issues/12966 and https://github.com/mozilla/bedrock/issues/14012. In the meantime, we can enable this pref in the meantime for ARM64 Linux (to fix YouTube bug 1869521 and webcompat issues like https://github.com/webcompat/web-bugs/issues/130946) because Mozilla doesn't publish official ARM64 Linux builds of Firefox yet. These users are using unofficial or distro builds and presumably know not to attempt to download Firefox (using Firefox) from mozilla.org. Differential Revision: https://phabricator.services.mozilla.com/D197395
2024-01-05 07:05:38 +00:00 · 2024-01-05 07:05:38 +00:00 · 46594b94f3
--- a/browser/components/resistfingerprinting/test/browser/browser_navigator.js
+++ b/browser/components/resistfingerprinting/test/browser/browser_navigator.js
@ -36,19 +36,34 @@ if (cpuArch == "x86-64") {
  cpuArch = "x86_64";
 }

+// Hard code the User-Agent string's CPU arch on Android, Linux, and other
+// Unix-like platforms. This pref can be removed after we're confident there
+// are no webcompat problems.
+const freezeCpu = Services.prefs.getBoolPref(
+  "network.http.useragent.freezeCpu",
+  false
+);
+
+let defaultLinuxCpu;
+if (freezeCpu) {
+  defaultLinuxCpu = AppConstants.platform == "android" ? "armv81" : "x86_64";
+} else {
+  defaultLinuxCpu = cpuArch;
+}
+
 const DEFAULT_PLATFORM = {
-  linux: `Linux ${cpuArch}`,
+  linux: `Linux ${defaultLinuxCpu}`,
  win: "Win32",
  macosx: "MacIntel",
-  android: `Linux ${cpuArch}`,
-  other: `Linux ${cpuArch}`,
+  android: `Linux ${defaultLinuxCpu}`,
+  other: `Linux ${defaultLinuxCpu}`,
 };

 const SPOOFED_PLATFORM = {
  linux: "Linux x86_64",
  win: "Win32",
  macosx: "MacIntel",
-  android: "Linux aarch64",
+  android: "Linux armv81",
  other: "Linux x86_64",
 };

@ -69,25 +84,25 @@ const WindowsOscpuPromise = (async () => {
 })();

 const DEFAULT_OSCPU = {
-  linux: `Linux ${cpuArch}`,
+  linux: `Linux ${defaultLinuxCpu}`,
  macosx: "Intel Mac OS X 10.15",
-  android: `Linux ${cpuArch}`,
-  other: `Linux ${cpuArch}`,
+  android: `Linux ${defaultLinuxCpu}`,
+  other: `Linux ${defaultLinuxCpu}`,
 };

 const SPOOFED_OSCPU = {
  linux: "Linux x86_64",
  win: "Windows NT 10.0; Win64; x64",
  macosx: "Intel Mac OS X 10.15",
-  android: "Linux aarch64",
+  android: "Linux armv81",
  other: "Linux x86_64",
 };

 const DEFAULT_UA_OS = {
-  linux: `X11; Linux ${cpuArch}`,
+  linux: `X11; Linux ${defaultLinuxCpu}`,
  macosx: "Macintosh; Intel Mac OS X 10.15",
  android: "Android 10; Mobile",
-  other: `X11; Linux ${cpuArch}`,
+  other: `X11; Linux ${defaultLinuxCpu}`,
 };

 const SPOOFED_UA_NAVIGATOR_OS = {
--- a/browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js
+++ b/browser/components/resistfingerprinting/test/browser/browser_navigator_iframes.js
@ -51,19 +51,34 @@ if (cpuArch == "x86-64") {
  cpuArch = "x86_64";
 }

+// Hard code the User-Agent string's CPU arch on Android, Linux, and other
+// Unix-like platforms. This pref can be removed after we're confident there
+// are no webcompat problems.
+const freezeCpu = Services.prefs.getBoolPref(
+  "network.http.useragent.freezeCpu",
+  false
+);
+
+let defaultLinuxCpu;
+if (freezeCpu) {
+  defaultLinuxCpu = AppConstants.platform == "android" ? "armv81" : "x86_64";
+} else {
+  defaultLinuxCpu = cpuArch;
+}
+
 const DEFAULT_PLATFORM = {
-  linux: `Linux ${cpuArch}`,
+  linux: `Linux ${defaultLinuxCpu}`,
  win: "Win32",
  macosx: "MacIntel",
-  android: `Linux ${cpuArch}`,
-  other: `Linux ${cpuArch}`,
+  android: `Linux ${defaultLinuxCpu}`,
+  other: `Linux ${defaultLinuxCpu}`,
 };

 const SPOOFED_PLATFORM = {
  linux: "Linux x86_64",
  win: "Win32",
  macosx: "MacIntel",
-  android: "Linux aarch64",
+  android: "Linux armv81",
  other: "Linux x86_64",
 };

@ -84,25 +99,25 @@ const WindowsOscpuPromise = (async () => {
 })();

 const DEFAULT_OSCPU = {
-  linux: `Linux ${cpuArch}`,
+  linux: `Linux ${defaultLinuxCpu}`,
  macosx: "Intel Mac OS X 10.15",
-  android: `Linux ${cpuArch}`,
-  other: `Linux ${cpuArch}`,
+  android: `Linux ${defaultLinuxCpu}`,
+  other: `Linux ${defaultLinuxCpu}`,
 };

 const SPOOFED_OSCPU = {
  linux: "Linux x86_64",
  win: "Windows NT 10.0; Win64; x64",
  macosx: "Intel Mac OS X 10.15",
-  android: "Linux aarch64",
+  android: "Linux armv81",
  other: "Linux x86_64",
 };

 const DEFAULT_UA_OS = {
-  linux: `X11; Linux ${cpuArch}`,
+  linux: `X11; Linux ${defaultLinuxCpu}`,
  macosx: "Macintosh; Intel Mac OS X 10.15",
  android: "Android 10; Mobile",
-  other: `X11; Linux ${cpuArch}`,
+  other: `X11; Linux ${defaultLinuxCpu}`,
 };

 const SPOOFED_UA_NAVIGATOR_OS = {
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -11624,6 +11624,28 @@
  value: true
  mirror: always

+# Hard code the User-Agent string's CPU architecture. This pref can be removed
+# after we're confident there are no webcompat problems.
+#
+# For now, don't enable this pref for x86 Linux builds until Firefox
+# download page bugs https://github.com/mozilla/bedrock/issues/12966 and
+# https://github.com/mozilla/bedrock/issues/14012 are fixed.
+#
+# Enable for:
+# * Android (any architecture)
+# * Linux (any architecture except x86)
+# * Other Unix-like platforms except macOS (any architecture)
+- name: network.http.useragent.freezeCpu
+  type: bool
+# (When reading the next line, know that preprocessor.py doesn't
+# understand parentheses, but && is higher precedence than ||.)
+#if defined(ANDROID) || defined(XP_LINUX) && !defined(__i386__) || defined(XP_UNIX) && !defined(XP_LINUX) && !defined(XP_MACOSX)
+  value: true
+#else
+  value: false
+#endif
+  mirror: always
+
 # Whether or not we use Windows for SSO to Microsoft sites.
 - name: network.http.windows-sso.enabled
  type: RelaxedAtomicBool
@ -15266,15 +15288,11 @@

 - name: webgl.out-of-process
  type: RelaxedAtomicBool
-# (When reading the next line, know that preprocessor.py doesn't
-# understand parentheses, but && is higher precedence than ||.)
  value: true
  mirror: always

 - name: webgl.out-of-process.worker
  type: RelaxedAtomicBool
-# (When reading the next line, know that preprocessor.py doesn't
-# understand parentheses, but && is higher precedence than ||.)
  value: true
  mirror: always

--- a/netwerk/protocol/http/nsHttpHandler.cpp
+++ b/netwerk/protocol/http/nsHttpHandler.cpp
@ -893,25 +893,33 @@ void nsHttpHandler::InitUserAgentComponents() {
 #elif defined(XP_MACOSX)
  mOscpu.AssignLiteral("Intel Mac OS X 10.15");
 #elif defined(XP_UNIX)
-  struct utsname name {};
-  int ret = uname(&name);
-  if (ret >= 0) {
-    nsAutoCString buf;
-    buf = (char*)name.sysname;
-    buf += ' ';
+  if (mozilla::StaticPrefs::network_http_useragent_freezeCpu()) {
+#  ifdef ANDROID
+    mOscpu.AssignLiteral("Linux armv81");
+#  else
+    mOscpu.AssignLiteral("Linux x86_64");
+#  endif
+  } else {
+    struct utsname name {};
+    int ret = uname(&name);
+    if (ret >= 0) {
+      nsAutoCString buf;
+      buf = (char*)name.sysname;
+      buf += ' ';

 #  ifdef AIX
-    // AIX uname returns machine specific info in the uname.machine
-    // field and does not return the cpu type like other platforms.
-    // We use the AIX version and release numbers instead.
-    buf += (char*)name.version;
-    buf += '.';
-    buf += (char*)name.release;
+      // AIX uname returns machine specific info in the uname.machine
+      // field and does not return the cpu type like other platforms.
+      // We use the AIX version and release numbers instead.
+      buf += (char*)name.version;
+      buf += '.';
+      buf += (char*)name.release;
 #  else
-    buf += (char*)name.machine;
+      buf += (char*)name.machine;
 #  endif

-    mOscpu.Assign(buf);
+      mOscpu.Assign(buf);
+    }
  }
 #endif

--- a/toolkit/components/resistfingerprinting/nsRFPService.h
+++ b/toolkit/components/resistfingerprinting/nsRFPService.h
@ -42,8 +42,8 @@
 #elif defined(MOZ_WIDGET_ANDROID)
 #  define SPOOFED_UA_OS "Android 10; Mobile"
 #  define SPOOFED_APPVERSION "5.0 (Android 10)"
-#  define SPOOFED_OSCPU "Linux aarch64"
-#  define SPOOFED_PLATFORM "Linux aarch64"
+#  define SPOOFED_OSCPU "Linux armv81"
+#  define SPOOFED_PLATFORM "Linux armv81"
 #else
 // For Linux and other platforms, like BSDs, SunOS and etc, we will use Linux
 // platform.