
Re: Firefox sends your uptime

> Mozilla Firefox sends your computer's uptime while establishing a TLS
> (SSL) connection. This could be used to correlate anonymous traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
> values (or to search the originator of anonymous traffic by correlating
> uptime values from TCP timestamps in GNU/Linux and some other operating
> systems).
> Tested with latest Firefox versions (including Betas) on Windows. Should
> also work on GNU/Linux too, but does not work on my ArchLinux box due to
> some patches...
> Details:
> RFCs 2246, 4346 describe the following structure (part of TLS Client Hello
> packet):
>      struct {
>          uint32 gmt_unix_time;
>          opaque random_bytes[28];
>      } Random;
> Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in UNIX format.
> So, use your Firefox carefully ;)

How can this be mitigated? Does it help to replace the field with a random number, or set it to zero, or would that just lead to more problems for anonymity? 

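For auditing what your own client puts in the `gmt_unix_time` field discussed in this thread, the following is an added example and not code from either poster or from Firefox. The function names, the thresholds (`skew`, `jitter`) and the sample records are constructed for illustration, and the parser assumes the ClientHello fits in a single TLS record.

```python
import struct

def build_client_hello(gmt_unix_time: int) -> bytes:
    """Constructed sample: minimal TLS 1.0 ClientHello record (not a real capture)."""
    body = (b"\x03\x01" + struct.pack("!I", gmt_unix_time) + bytes(28)
            + b"\x00"              # empty session_id
            + b"\x00\x02\x00\x2f"  # one cipher suite
            + b"\x01\x00")         # null compression
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def client_hello_time(record: bytes) -> int:
    """Return Random.gmt_unix_time from a raw TLS record holding a ClientHello."""
    if len(record) < 5 or record[0] != 22:      # 22 = handshake content type
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    # handshake type(1) + length(3) + client_version(2) + Random(32)
    if len(hs) < 38 or hs[0] != 1:              # 1 = client_hello
        raise ValueError("not a complete ClientHello")
    (gmt_unix_time,) = struct.unpack("!I", hs[6:10])
    return gmt_unix_time

def classify(observations, skew=3600, jitter=2):
    """observations: list of (capture_unix_time, gmt_unix_time) from one client."""
    offsets = [t - g for t, g in observations]
    if all(abs(o) <= skew for o in offsets):
        return "wall-clock"        # field tracks the system clock
    if len(offsets) >= 2 and max(offsets) - min(offsets) <= jitter:
        # Ticks with real time but is not the clock, e.g. seconds since boot.
        # The stable offset is what makes separate connections linkable.
        return "constant-offset"
    return "other"                 # random, zeroed, or otherwise unrelated to time

def audit(records):
    """records: list of (capture_unix_time, raw_record_bytes) from one client."""
    return classify([(t, client_hello_time(r)) for t, r in records])

if __name__ == "__main__":
    T = 1_300_000_000  # constructed capture time
    print(audit([(T, build_client_hello(93_784)),
                 (T + 600, build_client_hello(94_384))]))
```

Feed `audit` the first handshake record of two or more connections from the same client, captured some minutes apart; a single observation cannot separate a boot-relative counter from an arbitrary value.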