[tbb-bugs] #18112 [Tor Browser]: TorButton logs + Tor logs = timezone leak
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jan 20 19:01:07 UTC 2016
#18112: TorButton logs + Tor logs = timezone leak
---------------------------+-----------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: new
Type: defect | Milestone:
Priority: Medium | Version: Tor: 0.2.7.6
Component: Tor | Keywords: tor tbb-torlauncher timezone-leak
Browser | Parent ID:
Severity: Normal | Sponsor:
Actual Points: |
Points: |
---------------------------+-----------------------------------------------
TorButton messages are timestamped with UTC time, Tor's with local time.
In combination the logs leak the user's timezone, free of context. (Tor
alone might leak the timezone depending on context.)
Sample (here the timezone would be GMT+5):
{{{
[01-18 01:14:04] Torbutton DBUG: Got timer update, but no cookie change.
Jan 18 06:14:30.000 [notice] Tried for 120 seconds to get a connection to
[scrubbed]:80. Giving up.
}}}
Also the formats don't match. The first is preferred, the second further
leaks the locale language.
Preferably, Tor should use UTC timestamps (perhaps controlled with a torrc
setting, see #15607) and numeric months.
As a temporary workaround, perhaps TorLauncher should set TZ to :UTC
(similar to TorButton, but see also #16622) before spawning Tor.
Also, in relation to the discussion in #15607: Logs are not API! Let
stupid programs break if necessary.
Tor Browser: 5.0.7
Tor: 0.2.7.6
TorLauncher: 0.2.7.7
TorButton: 1.9.3.7
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18112>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list