Firefox sends your uptime
defconoii at gmail.com
Sun Apr 20 06:08:09 UTC 2008
Here <https://torbutton.torproject.org/dev/design/#FirefoxBugs> is some
information on this bug and other firefox privacy issues
On Sat, Apr 19, 2008 at 9:33 PM, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Sun, Apr 20, 2008 at 12:05 AM, Mike Perry <mikeperry at fscked.org> wrote:
> > Thus spake .FUF (fuf at itdefence.ru):
> > Incidentally, this was filed as Firefox Bug
> > https://bugzilla.mozilla.org/show_bug.cgi?id=405652. They have a fix
> > in the 3.0 branch. I requested backport into FF2.0.
> It looks like the change just makes it send the current time. While
> that should be an improvement, It's not at all clear to me that the
> privacy issues of this are fixed.
> Many many users do not have clocks which are accurate enough that
> second level quantization hides their skew. I've successfully used
> remote client time to identify trouble making users on IRC (though on
> IRC I had the benefit of the returned time being local time rather
> than GMT).
> If the world didn't end with the client sending uptime .. could
> perhaps it send some other value?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the tor-talk