Firefox sends your uptime

.FUF fuf at
Sat Apr 5 10:01:29 UTC 2008

Mozilla Firefox sends your computer's uptime while establishing TLS
(SSL) connection. This could be used to correlate anonymous traffic with
non-anonymous (e.g. LAN traffic) by correlating intercepted uptime
values (or to search the originator of anonymous traffic by correlating
uptime values from TCP timestamps in GNU/Linux and some other operating

Tested with latest Firefox versions (including Betas) on Windows. Should
also work on GNU/Linux too, but not works on my ArchLinux box due to
some patches...


RFCs 2246, 4346 describe following structure (part of TLS Client Hello

     struct {
         uint32 gmt_unix_time;
         opaque random_bytes[28];
      } Random;

Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
Other browsers (IE, Opera) send your current system time in UNIX format.

So, use your Firefox carefully ;)

More information about the tor-talk mailing list