Firefox sends your uptime
defcon
defconoii at gmail.com
Sun Apr 20 06:08:09 UTC 2008
Here <https://torbutton.torproject.org/dev/design/#FirefoxBugs> is some
information on this bug and other firefox privacy issues
On Sat, Apr 19, 2008 at 9:33 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Sun, Apr 20, 2008 at 12:05 AM, Mike Perry <mikeperry at fscked.org> wrote:
> > Thus spake .FUF (fuf at itdefence.ru):
> > Incidentally, this was filed as Firefox Bug
> > https://bugzilla.mozilla.org/show_bug.cgi?id=405652. They have a fix
> > in the 3.0 branch. I requested backport into FF2.0.
>
> It looks like the change just makes it send the current time. While
> that should be an improvement, It's not at all clear to me that the
> privacy issues of this are fixed.
>
> Many many users do not have clocks which are accurate enough that
> second level quantization hides their skew. I've successfully used
> remote client time to identify trouble making users on IRC (though on
> IRC I had the benefit of the returned time being local time rather
> than GMT).
>
> If the world didn't end with the client sending uptime .. could
> perhaps it send some other value?
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080419/38595303/attachment.htm>
More information about the tor-talk
mailing list