Re: [Tails-dev] [Tails-ux] Tails Greeter settings

Hi,

sajolida (2020-02-25):
> Surprisingly, it's not even clear to me what the implications of the
> Language and Region settings can be on privacy. So I'm moving the
> discussion to tails-dev@??? in order to ask our fellow developers.

First, most, if not all, exploited applications have access to
locale configuration.

Wrt. network fingerprinting:

- We have to assume that some applications may expose the system's
locale configuration as part of their network activity.

- For Tor Browser and Thunderbird, our configuration tries to avoid
this (best effort) but it's impossible to prove we did not
miss anything.

Wrt. local storage:

- If an adversary can read the content of the persistent storage, I'm
pretty sure that the locale configuration can be easily inferred
from that.

- If/once we allow persisting the locale in cleartext on the system
partition, this information will be available to an adversary
who seizes the Tails device.