feat: User-agent reduction

Unfortunately, the reduced user-agent doesn't fool the google login
form, but at least reduces the amount of leaked information.

2 files changed, 63 insertions, 1 deletions

diff --git a/packages/main/src/index.ts b/packages/main/src/index.ts
index 4308d55..b6df67b 100644
--- a/packages/main/src/index.ts
+++ b/packages/main/src/index.ts
@@ -39,6 +39,7 @@ import {
   openDevToolsWhenReady,
 } from './devTools';
 import { createRootStore } from './stores/RootStore';
+import { reduceUserAgent } from './userAgent';
 
 const isDevelopment = import.meta.env.MODE === 'development';
 
@@ -66,7 +67,7 @@ app.commandLine.appendSwitch(
 
 // Remove sophie and electron from the user-agent string to avoid detection.
 const originalUserAgent = app.userAgentFallback;
-const userAgent = originalUserAgent.replaceAll(/ ([Ss]ophie|Electron)\/[0-9.]+/g, '');
+const userAgent = reduceUserAgent(originalUserAgent);
 // Removing the electron version breaks redux devtools, so we only do this in production.
 if (!isDevelopment) {
   app.userAgentFallback = userAgent;
diff --git a/packages/main/src/userAgent.ts b/packages/main/src/userAgent.ts
new file mode 100644
index 0000000..298e565
--- /dev/null
+++ b/packages/main/src/userAgent.ts
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C)  2021-2022 Kristóf Marussy <kristof@marussy.com>
+ *
+ * This file is part of Sophie.
+ *
+ * Sophie is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, version 3.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+/**
+ * @file Based on the javascript code snippet available at
+ * https://github.com/GoogleChrome/developer.chrome.com/blob/c33f7f4f2964e7deb28aee44de745c3725b70063/site/en/docs/privacy-sandbox/user-agent/snippets/index.md
+ *
+ * Used under the Apache 2.0 license according to
+ * https://github.com/GoogleChrome/developer.chrome.com/blob/c33f7f4f2964e7deb28aee44de745c3725b70063/LICENSE
+ */
+
+const electronUAParts = / (sophie|Electron)\/[^\s]+/g;
+const chromeUAs = /^Mozilla\/5\.0 \(((?<platform>Lin|Win|Mac|X11; C|X11; L)+[^\)]+)\) AppleWebKit\/537.36 \(KHTML, like Gecko\) Chrome\/(?<major>\d+)[\d\.]+(?<mobile>[ Mobile]*) Safari\/537\.36$/;
+const unifiedPlatform = {
+  'Lin': 'Linux; Android 10; K',
+  'Win': 'Windows NT 10.0; Win64; x64',
+  'Mac': 'Macintosh; Intel Mac OS X 10_15_7',
+  'X11; C': 'X11; CrOS x86_64',
+  'X11; L': 'X11; Linux x86_64',
+};
+
+/**
+ * Reduces the information exposed in the user-agent string.
+ *
+ * @param userAgent The original user-agent string.
+ * @returns The reduces user-agent string.
+ * @see https://developer.chrome.com/docs/privacy-sandbox/user-agent/
+ */
+export function reduceUserAgent(userAgent: string): string {
+  const userAgentWithoutElectron = userAgent.replaceAll(electronUAParts, '');
+  const matched = chromeUAs.exec(userAgentWithoutElectron) as unknown as {
+    groups: {
+      platform: 'Lin' | 'Win' | 'Mac' | 'X11; C' | 'X11; L',
+      major: string,
+      mobile: string,
+    }
+  };
+  if (matched) {
+    return `Mozilla/5.0 (${unifiedPlatform[matched.groups.platform]}) ` +
+      `AppleWebKit/537.36 (KHTML, like Gecko) ` +
+      `Chrome/${matched.groups.major}.0.0.0${matched.groups.mobile} Safari/537.36`
+  }
+  return userAgentWithoutElectron;
+}