[tor-bugs] #30800 [Applications/Tor Browser]: ftp:// on Windows can be used to leak the system time zone

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 4 09:08:43 UTC 2019


#30800: ftp:// on Windows can be used to leak the system time zone
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-fingerprinting,                  |  Actual Points:
  TorBrowserTeam201907R, GeorgKoppen201907       |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by acat):

 I'm quite sure Gary said there was something missing/wrong in the patch in
 the uplift meeting, so I asked him about this (waiting for response).
 Meanwhile, by looking at it and trying an unpatched Firefox in Windows, I
 can see that one of the columns has a uint64 timestamp that seems to be
 timezone dependent (and that I think the patch is not addressing). It's
 the `sortable-data` property of the 3rd column, not visible. So this might
 be the issue Gary mentioned.

 Besides, I'm not sure why we could not use UTC instead of GMT when
 resistfingerprinting is on (at least that's the behaviour on Linux for me,
 and it does not leak the timezone).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30800#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list