[tor-talk] secure and simple network time (hack)

[adrelanos]

intrigeri:
> If so, from the PoV of a close network adversary, if Tails starts to
> use tlsdate in the clear, as a Tails user, then I'm part of the set of
> people who run tlsdate and start Tor soon after, and in the current
> state of things, this set would almost exactly match the set of
> Tails users.

Yes.

> The fact that ChromeOS uses tlsdate forces this kind of adversaries to
> detect "tlsdate followed by Tor", instead of merely detecting tlsdate
> alone, in order to detect Tails users. (Looks like we have to convince
> Google to run Tor by default on ChromeOS? :)

(Even if, wouldn't help. That would put you into the group of users who
run tlsdate followed by Tor followed by Tor traffic (Tails) compared to
users who run tlsdate followed by Tor, with almost no traffic. :)

> Therefore, I'm not convinced tlsdate in the clear would be any better,
> on the fingerprinting side of things, than the "htpdate in the clear"
> system we eventually managed to escape in Tails 0.9 and later.
> Which means it looks quite worse, fingerprinting-wise, than what we
> currently ship.
> 
> Thoughts?

Better don't run any htp/tlsdate traffic in the clear. As a future proof
solutoin... In future there might sophisticated steganograpic obfsproxy
transports and the clear htp/tlsdate traffic would ruin that.

Why don't we propose a clean solution for this time mess anyway? As
first step can we open the neccessary tickets? And as a second step
gsoc, sponsor, bounty or whatever. Idea... Can Tor code be changed to
not to depend on clock? What other solutions exist do solve that cleanly?

To make our life even worse... Sorry... But not using NTP and only
emmiting Tor traffic is also pretty clearly Tails. Because that puts you
in the group of users "Uses Tor, nothing else, but does not use NTP? How
many people act like this?". So you should at least emmit a fake NTP
query (when others that usuaally do) and drop it.