Re: Firefox sends your uptime
> Mozilla Firefox sends your computer's uptime while establishing TLS
> (SSL) connection. This could be used to correlate anonymous traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
> values (or to search the originator of anonymous traffic by correlating
> uptime values from TCP timestamps in GNU/Linux and some other operating
> systems).
>
> Tested with latest Firefox versions (including Betas) on Windows. Should
> also work on GNU/Linux too, but it does not work on my ArchLinux box due to
> some patches...
>
> Details:
>
> RFCs 2246, 4346 describe the following structure (part of TLS Client Hello
> packet):
>
> struct {
>     uint32 gmt_unix_time;
>     opaque random_bytes[28];
> } Random;
>
> Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in UNIX format.
>
> So, use your Firefox carefully ;)
How can this be mitigated? Does it help to replace the field with a random number, or set it to zero, or would that just lead to more problems for anonymity?
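Added example, not part of the original thread: a small Python parser for checking what your own client puts in the "gmt_unix_time" field of the Random structure quoted above, given one captured TLS record. The sample record, the capture timestamp, and the five-year cut-off for calling a value "uptime-like" are constructed assumptions.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 22, 1
MAX_PLAUSIBLE_UPTIME = 5 * 365 * 86400  # assumed cut-off: five years in seconds

def client_hello_time(record: bytes) -> int:
    """Return Random.gmt_unix_time from one TLS record holding a ClientHello."""
    if len(record) < 5:
        raise ValueError("short TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != HANDSHAKE or len(body) != rec_len:
        raise ValueError("not a complete handshake record")
    # Handshake header is msg_type(1) + length(3); the ClientHello body then
    # starts with client_version(2) followed by the 32-byte Random.
    if len(body) < 4 + 2 + 32 or body[0] != CLIENT_HELLO:
        raise ValueError("not a ClientHello")
    if int.from_bytes(body[1:4], "big") < 2 + 32:
        raise ValueError("ClientHello too short for Random")
    (gmt_unix_time,) = struct.unpack("!I", body[6:10])
    return gmt_unix_time

def classify(value: int, capture_time: int, skew: int = 86400) -> str:
    """Heuristic label for the field, relative to when the packet was captured."""
    if abs(value - capture_time) <= skew:
        return "wall-clock"   # what the RFC structure name implies
    if value < MAX_PLAUSIBLE_UPTIME:
        return "uptime-like"  # small counter, consistent with seconds since boot
    return "other"            # e.g. a randomised or fixed value

def build_sample(gmt_unix_time: int) -> bytes:
    """Constructed minimal TLS 1.0 ClientHello, for testing the parser offline."""
    random = struct.pack("!I", gmt_unix_time) + bytes(28)
    hello = b"\x03\x01" + random + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = bytes([CLIENT_HELLO]) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", HANDSHAKE, 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    capture_time = 1_200_000_000  # constructed capture timestamp
    for sample in (93_784, capture_time + 5, 0xDEADBEEF):
        value = client_hello_time(build_sample(sample))
        print(value, classify(value, capture_time))
```

To use it on real traffic, pass the raw bytes of the first TLS record sent by the client and the time the capture was taken.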