How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?

Mike Perry mikeperry at fscked.org
Tue Sep 7 08:53:31 UTC 2010


Thus spake Matthew (pumpkin at cotse.net):

> On 05/09/10 21:11, Geoff Down wrote:
> >Did you select a time zone when you set up the account?
> >I assume you are using Torbutton, which blocks JavaScript being used to
> >read your local clock.
> >GD
> >
> AIUI, Gmail uses JavaScript to detect the time zone (but not the time) on 
> the client machine.  When I use NoScript with Gmail as untrusted, Gmail 
> cannot use JavaScript.  Changing the time zone settings (for example to 
> something five hours behind my real time zone) does not then change the 
> time at which e-mail appears to arrive in the Gmail inbox since this 
> requires JavaScript which is not used since Gmail is considered untrusted.

Please actually use Torbutton instead of speculating about what
protections it provides, trying to compensate with ad-hoc homebrew
approaches, and then complaining to the list when the results aren't
what you expect.

https://www.torproject.org/torbutton/design/#adversary

NoScript can have all sorts of surprising results when you allow
JavaScript from other domains.

> However, since many websites do require JavaScript, whether or not one is 
> using NoScript and / or Torbutton, my question was:
> 
> If Gmail can get the time zone via JavaScript (when the client is using 
> Tor) then why can it not get the "real" IP also via JavaScript (when the 
> client is using Tor)?  I don't think it can get the real IP since I have 
> used various tests including http://www.decloak.net/ and Tor with 
> JavaScript does not reveal the real IP.  But why not?

JavaScript cannot unmask your IP. The attacks on decloak and elsewhere
are all about causing plugins and external applications to launch,
which NoScript does not protect against.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
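
The time zone detection discussed in this thread, as an added example that is not part of the original post: a self-check showing which time zone details page script can read through the standard `Date` and `Intl` APIs. The helper names `probe`, `formatOffset` and `assess` and the sample values are constructed for illustration.

```javascript
// Added example (not from the thread). Offsets use Date#getTimezoneOffset()
// semantics: minutes to add to local time to reach UTC, so UTC-5 is +300.

// Collect what any page script can read. DateCtor/intl are injectable for tests.
function probe(DateCtor = Date, intl = globalThis.Intl) {
  const year = new DateCtor().getFullYear();
  const jan = new DateCtor(year, 0, 1).getTimezoneOffset();
  const jul = new DateCtor(year, 6, 1).getTimezoneOffset();
  let zone = null;
  try {
    zone = intl.DateTimeFormat().resolvedOptions().timeZone || null;
  } catch (e) {
    zone = null; // Intl missing or blocked: only the offsets are visible
  }
  return { jan, jul, zone };
}

function formatOffset(minutes) {
  const sign = minutes > 0 ? "-" : "+"; // positive offset means behind UTC
  const abs = Math.abs(minutes);
  const hh = String(Math.floor(abs / 60)).padStart(2, "0");
  const mm = String(abs % 60).padStart(2, "0");
  return `UTC${sign}${hh}:${mm}`;
}

// Turn a sample into findings. Anything other than plain UTC narrows location.
function assess({ jan, jul, zone }) {
  const findings = [];
  const standard = Math.max(jan, jul); // DST moves clocks forward, shrinking the offset
  if (standard !== 0) findings.push(`standard offset ${formatOffset(standard)}`);
  if (jan > jul) findings.push("observes DST, northern-hemisphere pattern");
  if (jan < jul) findings.push("observes DST, southern-hemisphere pattern");
  if (zone && zone !== "UTC" && zone !== "Etc/UTC") findings.push(`IANA zone ${zone}`);
  return { exposed: findings.length > 0, findings };
}

// Constructed samples: a New York client, a Sydney client, a clock reporting UTC.
const SAMPLES = {
  newYork: { jan: 300, jul: 240, zone: "America/New_York" },
  sydney: { jan: -660, jul: -600, zone: "Australia/Sydney" },
  utc: { jan: 0, jul: 0, zone: "UTC" },
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(assess(sample)));
}
console.log("this runtime", JSON.stringify(assess(probe())));
```

Pasting the block into a browser console shows what the current profile exposes; an empty `findings` list means scripts see only UTC.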