
Firefox sends your uptime



Mozilla Firefox sends your computer's uptime while establishing a TLS
(SSL) connection. This could be used to correlate anonymous traffic with
non-anonymous traffic (e.g. LAN traffic) by correlating intercepted uptime
values (or to search for the originator of anonymous traffic by correlating
uptime values from TCP timestamps in GNU/Linux and some other operating
systems).

Tested with the latest Firefox versions (including Betas) on Windows. It
should also work on GNU/Linux, but it does not work on my ArchLinux box due
to some patches...

Details:

RFCs 2246 and 4346 describe the following structure (part of the TLS Client
Hello packet):

     struct {
         uint32 gmt_unix_time;
         opaque random_bytes[28];
     } Random;

Firefox sends your uptime in the "gmt_unix_time" field (seconds since boot).
Other browsers (IE, Opera) send your current system time in UNIX format.

So, use your Firefox carefully ;)
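
A check for auditing your own client's handshakes, added here as an example and not part of the original post: it reads gmt_unix_time out of a raw TLS record holding a ClientHello and labels the value. The function names, the two thresholds and the sample record are assumptions constructed for illustration.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1
MAX_UPTIME = 5 * 365 * 86400   # assumption: no host stays up longer than ~5 years
MAX_SKEW = 86400               # assumption: a set clock is within a day of capture time

def client_hello_time(record: bytes) -> int:
    """Extract Random.gmt_unix_time from one raw TLS record carrying a ClientHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    # handshake header (4) + client_version (2) + Random (32)
    if len(body) < 38 or body[0] != CLIENT_HELLO:
        raise ValueError("not a complete ClientHello")
    # body[4:6] = client_version, body[6:10] = gmt_unix_time, body[10:38] = random_bytes
    return struct.unpack("!I", body[6:10])[0]

def classify(gmt_unix_time: int, capture_time: int) -> str:
    """Heuristic label for what the field appears to contain."""
    if abs(capture_time - gmt_unix_time) <= MAX_SKEW:
        return "wall-clock"
    if gmt_unix_time <= MAX_UPTIME:
        return "uptime-like"
    return "other"

def build_sample(gmt_unix_time: int) -> bytes:
    """Constructed minimal TLS 1.0 ClientHello record (test input, not a real capture)."""
    hello = (struct.pack("!HI", 0x0301, gmt_unix_time) + bytes(28)  # version + Random
             + b"\x00"               # empty session_id
             + b"\x00\x02\x00\x2f"   # one cipher suite
             + b"\x01\x00")          # null compression
    handshake = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    capture_time = 1_300_000_000                   # constructed capture timestamp
    for value in (93_784, capture_time - 3):       # ~26 h of uptime vs. a set clock
        seen = client_hello_time(build_sample(value))
        print(seen, classify(seen, capture_time))
```

A value labelled "other" is neither close to the capture time nor small enough to be seconds since boot under the thresholds above.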