[tor-talk] Browserspy knows my computer time
Joe Btfsplk
joebtfsplk at gmx.com
Tue Jan 10 16:44:53 UTC 2017
On 1/10/2017 3:53 AM, Georg Koppen wrote:
> Joe Btfsplk:
>> How does Browserspy.dk get the correct local time & time zone from TBB
>> 6.08 on my PC?
>>
> I guess https://trac.torproject.org/projects/tor/ticket/20981 is a good
> candidate for explaining this.
>
Thanks Georg. That sounds like it. Was "ToLocaleString" a recent
change in Firefox function (or browser standards) that wasn't caught by
Tor devs or users before Mozilla implemented it, or some other scenario?
Possibly another example of how dissidents, sympathizers, whistle
blowers connecting TBB directly through an ISP (certain countries) could
be more easily identified. Very difficult to consistently, quickly keep
all leaks patched.
When issues like this are 1st discovered, should there be a better
notification system for users, explaining risks and suggested
workarounds? Few users have time to read every new Trac report.
Even if they did, many users wouldn't how to avoid risks. Is there any
"early warning system" giving *precise* steps to avoid new anonymity
threats? Similar to warnings OS & software developers often issue?
AFAICT, Tor bugs are reported, but often no steps recommended to avoid
the danger, until patches can be developed. (Temporarily stop using TBB
for serious activities?) Does this at times leave some users totally
unaware they could be exposed in certain situations?
More information about the tor-talk
mailing list