Use one clock skew per URL bar domain
When #3455 (moved) lands, Tor Browser will have a separate Identity (i.e., circuit) for each URL bar domain. JavaScript clock skew fingerprinting is one way attackers can try to link Identities. Tor Browser could counter this by maintaining a separate clock skew for each URL bar domain.
When the user browses to a new URL bar domain, Tor Browser would
- Create a new circuit
- Request clock time from exit node (already tied to Identity)
- Store clock skew in a one-to-one mapping of skews->URL bar domains
- Apply clock skew to any JS clock requests under that domain