Opened 4 years ago

Last modified 4 years ago

#18112 new defect

TorButton logs + Tor logs = timezone leak

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version: Tor: 0.2.7.6
Severity: Normal Keywords: tor tbb-torlauncher timezone-leak
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

TorButton messages are timestamped with UTC time, Tor's with local time. In combination the logs leak the user's timezone, free of context. (Tor alone might leak the timezone depending on context.)

Sample (here the timezone would be GMT+5):

[01-18 01:14:04] Torbutton DBUG: Got timer update, but no cookie change.
Jan 18 06:14:30.000 [notice] Tried for 120 seconds to get a connection to [scrubbed]:80. Giving up.

Also the formats don't match. The first is preferred, the second further leaks the locale language.

Preferably, Tor should use UTC timestamps (perhaps controlled with a torrc setting, see #15607) and numeric months.

As a temporary workaround, perhaps TorLauncher should set TZ to :UTC (similar to TorButton, but see also #16622) before spawning Tor.

Also, in relation to the discussion in #15607: Logs are not API! Let stupid programs break if necessary.

Tor Browser: 5.0.7
Tor: 0.2.7.6
TorLauncher: 0.2.7.7
TorButton: 1.9.3.7

Child Tickets

Change History (1)

comment:1 Changed 4 years ago by cypherpunks

I was unsure under which component to file this report, please correct if appropriate.

Note: See TracTickets for help on using tickets.