[tor-bugs] #12999 [Tor Browser]: Use one clock skew per URL bar domain
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 29 23:24:25 UTC 2014
#12999: Use one clock skew per URL bar domain
---------------------------------+--------------------------------
Reporter: arthuredelstein | Owner: tbb-team
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-fingerprinting
Actual Points: | Parent ID: #3059
Points: |
---------------------------------+--------------------------------
Description changed by arthuredelstein:
Old description:
> When #3455 lands, Tor Browser will have a separate Identity (i.e.,
> circuit) for each URL bar domain. JavaScript clock skew fingerprinting is
> one way attackers can try to link Identities. Tor Browser could counter
> this by maintaining a separate clock skew for each URL bar domain.
>
> When the user browses to a new URL bar domain, Tor Browser would
> 1. Create a new circuit
> 2. Request clock skew from exit node (already tied to Identity)
> 3. Store clock skew in a skew->URL bar domain mapping
> 4. Apply clock skew to any JS clock requests under that domain
New description:
When #3455 lands, Tor Browser will have a separate Identity (i.e.,
circuit) for each URL bar domain. JavaScript clock skew fingerprinting is
one way attackers can try to link Identities. Tor Browser could counter
this by maintaining a separate clock skew for each URL bar domain.
When the user browses to a new URL bar domain, Tor Browser would
1. Create a new circuit
2. Request clock time from exit node (already tied to Identity)
3. Store clock skew in a one-to-one mapping of skews->URL bar domains
4. Apply clock skew to any JS clock requests under that domain
--
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12999#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list