If all TBB versions have the same user-agent/fingerprinting, then how does torcheck check if TBB is up to date? How the "know if I'm up to date" system works?
Asked
Active
Viewed 1,670 times
2 Answers
9
check.torproject.org does not test the version of your TBB (Tor Browser Bundle). The test is performed by the TBB itself and the information is explicitly passed to the server.
In the Firefox preferences check the Home Page setting. When TBB is up to date you will see:
https://check.torproject.org/?lang=en-US&small=1&uptodate=1
when TBB is out of date, you will see:
https://check.torproject.org/?lang=en-US&small=1&uptodate=0
So TBB itself (precisely said Torbutton) downloads list of recommended TBB versions, compares the installed version to it and tells the check.torproject.org server if it is up to date by the uptodate parameter in the URL. The check is performed by the Torbutton Firefox extension and then the Home Page is updated accordingly. See torbutton.js.
If check.torproject.org was able to directly see your TBB version then it would be a very serious security flaw.
pabouk - Ukraine stay strong
- 1,851
- 1
- 16
- 44
3
check.torproject.org has a manually updated list of "recommended" Tor Browser Bundle versions. It is trivial to check TBB's version against this list.
The Tor Browser Bundle's own version number is updated whenever any of its components are updated. The User-Agent string is not used at all. The actual version check is done by the Torbutton component.
Michael Hampton
- 358
- 4
- 12