[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] secure and simple network time (hack)


intrigeri wrote (25 Mar 2012 23:02:55 GMT) :
> Jacob Appelbaum wrote (20 Feb 2012 20:30:08 GMT) :
>> For a while I've been interested in secure network time that would
>> be useful for Tor users. Tor users generally need accuracy to the
>> hour in the local system clock.

> Thank you for tackling this problem.

... and thank you for going on with it!

>> As a result, I've also written another tool, tlsdate[1], that
>> I regularly use for setting my own clock.

> What network fingerprint does tlsdate currently display if I run it
> in the clear, without forwarding its traffic through Tor?

Jake asked me to have another look at tlsdate, which was uploaded to
Debian, so here it goes :)

(It's pretty clear I lack much of the background and intended usecase,
so please correct whatever is wrong in what follows!)

So, Jake tells me that ChromeOS will use tlsdate by default, and that
this should solve the fingerprinting issue. Therefore, I assume this
implicitly answer the (half-rhetorical, I admit) question I asked in
March, and I assume there is indeed some fingerprinting issue. So, in
the following I'll assume it's relatively easy, for a close network
adversary (say, my ISP) to detect that I'm using tlsdate.

From what I remember from our past attempts to discuss this on IRC,
I assume the intended usecase for Tails is to run tlsdate in the clear
(that is, without going through Tor) so that the clock is set before
Tor is started.

If so, from the PoV of a close network adversary, if Tails starts to
use tlsdate in the clear, as a Tails user, then I'm part of the set of
people who run tlsdate and start Tor soon after, and in the current
state of things, this set would almost exactly match the set of
Tails users.

The fact that ChromeOS uses tlsdate forces this kind of adversaries to
detect "tlsdate followed by Tor", instead of merely detecting tlsdate
alone, in order to detect Tails users. (Looks like we have to convince
Google to run Tor by default on ChromeOS? :)

Therefore, I'm not convinced tlsdate in the clear would be any better,
on the fingerprinting side of things, than the "htpdate in the clear"
system we eventually managed to escape in Tails 0.9 and later.
Which means it looks quite worse, fingerprinting-wise, than what we
currently ship.


(Seriously, please prove me wrong, my life would be easier as
a result :)

  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
tor-talk mailing list