Firefox sends your uptime

tor user tor_user at yahoo.com
Sat Apr 5 20:24:42 UTC 2008


> Mozilla Firefox sends your computer's uptime while
> establishing TLS
> (SSL) connection. This could be used to correlate anonymous
> traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted
> uptime
> values (or to search the originator of anonymous traffic by
> correlating
> uptime values from TCP timestamps in GNU/Linux and some
> other operating
> systems).
> 
> Tested with latest Firefox versions (including Betas) on
> Windows. Should
> also work on GNU/Linux too, but not works on my ArchLinux
> box due to
> some patches...
> 
> Details:
> 
> RFCs 2246, 4346 describe following structure (part of TLS
> Client Hello
> packet):
> 
>      struct {
>          uint32 gmt_unix_time;
>          opaque random_bytes[28];
>       } Random;
> 
> Firefox sends your uptime in "gmt_unix_time"
> field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in
> UNIX format.
> 
> So, use your Firefox carefully ;)

How can this be mitigated? Does it help to replace the field with a random number, or set it to zero, or would that just lead to more problems for anonymity? 



      ____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.  
http://tc.deals.yahoo.com/tc/blockbuster/text5.com



More information about the tor-talk mailing list