Firefox sends your uptime

Mike Perry mikeperry at
Sun Apr 20 04:05:23 UTC 2008

Thus spake .FUF (fuf at

> Mozilla Firefox sends your computer's uptime while establishing a TLS
> (SSL) connection. This could be used to correlate anonymous traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
> values (or to search for the originator of anonymous traffic by correlating
> uptime values from TCP timestamps in GNU/Linux and some other operating
> systems).
> Tested with latest Firefox versions (including Betas) on Windows. Should
> also work on GNU/Linux too, but does not work on my ArchLinux box due to
> some patches...
> Details:
> RFCs 2246, 4346 describe the following structure (part of the TLS Client Hello
> packet):
>      struct {
>          uint32 gmt_unix_time;
>          opaque random_bytes[28];
>      } Random;
> Firefox sends your uptime in the "gmt_unix_time" field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in UNIX format.

Incidentally, this was filed as Firefox Bug They have a fix
in the 3.0 branch. I requested backport into FF2.0.

Mike Perry
Mad Computer Scientist evil labs

More information about the tor-talk mailing list