Firefox sends your uptime
Gregory Maxwell
gmaxwell at gmail.com
Sun Apr 20 04:33:41 UTC 2008
On Sun, Apr 20, 2008 at 12:05 AM, Mike Perry <mikeperry at fscked.org> wrote:
> Thus spake .FUF (fuf at itdefence.ru):
> Incidentally, this was filed as Firefox Bug
> https://bugzilla.mozilla.org/show_bug.cgi?id=405652. They have a fix
> in the 3.0 branch. I requested backport into FF2.0.
It looks like the change just makes it send the current time. While
that should be an improvement, It's not at all clear to me that the
privacy issues of this are fixed.
Many many users do not have clocks which are accurate enough that
second level quantization hides their skew. I've successfully used
remote client time to identify trouble making users on IRC (though on
IRC I had the benefit of the returned time being local time rather
than GMT).
If the world didn't end with the client sending uptime .. could
perhaps it send some other value?
More information about the tor-talk
mailing list