Firefox sends your uptime

tor user tor_user at
Sat Apr 5 20:24:42 UTC 2008

> Mozilla Firefox sends your computer's uptime while
> establishing TLS
> (SSL) connection. This could be used to correlate anonymous
> traffic with
> non-anonymous (e.g. LAN traffic) by correlating intercepted
> uptime
> values (or to search the originator of anonymous traffic by
> correlating
> uptime values from TCP timestamps in GNU/Linux and some
> other operating
> systems).
> Tested with latest Firefox versions (including Betas) on
> Windows. Should
> also work on GNU/Linux too, but not works on my ArchLinux
> box due to
> some patches...
> Details:
> RFCs 2246, 4346 describe following structure (part of TLS
> Client Hello
> packet):
>      struct {
>          uint32 gmt_unix_time;
>          opaque random_bytes[28];
>       } Random;
> Firefox sends your uptime in "gmt_unix_time"
> field (seconds since boot).
> Other browsers (IE, Opera) send your current system time in
> UNIX format.
> So, use your Firefox carefully ;)

How can this be mitigated? Does it help to replace the field with a random number, or set it to zero, or would that just lead to more problems for anonymity? 

You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.

More information about the tor-talk mailing list