Tor Bowser locale can be detected with FTP
xiaoyinl reported on HackerOne that the Tor Browser locale can be detected with FTP:
If a visitor navigates to a directory on a FTP server, Tor Browser shows a page displaying the directory tree. However, the source code of this page is generated by Tor Browser, rather than the server, because an FTP server only sends file info and the browser displays it in a nice format. Moreover, the FTP directory page is localized, even if the user has chosen not to reveal his/her UI language, i.e. privacy.spoof_english == 2.