[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firefox sends your uptime

Here is some information on this bug and other firefox privacy issues

On Sat, Apr 19, 2008 at 9:33 PM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
On Sun, Apr 20, 2008 at 12:05 AM, Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> Thus spake .FUF (fuf@xxxxxxxxxxxx):
>  Incidentally, this was filed as Firefox Bug
>  https://bugzilla.mozilla.org/show_bug.cgi?id=405652. They have a fix
>  in the 3.0 branch. I requested backport into FF2.0.

It looks like the change just makes it send the current time. While
that should be an improvement, It's not at all clear to me that the
privacy issues of this are fixed.

Many many users do not have clocks which are accurate enough that
second level quantization hides their skew. I've successfully used
remote client time to identify trouble making users on IRC (though on
IRC I had the benefit of the returned time being local time rather
than GMT).

If the world didn't end with the client sending uptime .. could
perhaps it send some other value?