Firefox sends your uptime

defcon defconoii at
Sun Apr 20 06:08:09 UTC 2008

Here <> is some
information on this bug and other firefox privacy issues

On Sat, Apr 19, 2008 at 9:33 PM, Gregory Maxwell <gmaxwell at> wrote:

> On Sun, Apr 20, 2008 at 12:05 AM, Mike Perry <mikeperry at> wrote:
> > Thus spake .FUF (fuf at
> >  Incidentally, this was filed as Firefox Bug
> > They have a fix
> >  in the 3.0 branch. I requested backport into FF2.0.
> It looks like the change just makes it send the current time. While
> that should be an improvement, It's not at all clear to me that the
> privacy issues of this are fixed.
> Many many users do not have clocks which are accurate enough that
> second level quantization hides their skew. I've successfully used
> remote client time to identify trouble making users on IRC (though on
> IRC I had the benefit of the returned time being local time rather
> than GMT).
> If the world didn't end with the client sending uptime .. could
> perhaps it send some other value?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list