Firefox sends your uptime

.FUF fuf at
Sat Apr 5 13:44:39 UTC 2008

Geoffrey Goodell ?????:
> On Sat, Apr 05, 2008 at 02:01:29PM +0400, .FUF wrote:
>> Firefox sends your uptime in "gmt_unix_time" field (seconds since boot).
>> Other browsers (IE, Opera) send your current system time in UNIX format.
> Even sending the current system time is somewhat troublesome, since
> small inaccuracies may be likely to remain relatively constant over long
> periods, allowing an attacker to observe, for example, which machine is
> twenty seconds slow.  Not sure about to what extent running NTP
> ameliorates this.
> Geoff

Yes, but running NTP syncs can transform this attack to "end-to-end
confirmation" attack. Attacker can modify NTP packets (they are being
sent over UDP) to hijack your current time (e.g. move it +12 seconds
forward) and then correlate HTTPS traffic from anonymous network (or
HTTP traffic from hidden service by looking at "Date:" field in HTTP

More information about the tor-talk mailing list