Find some way to deal with time-based fingerprints

We have a few potential solutions to time-based fingerprinting attacks, some based in Torbutton, some based as patches to Tor Browser. This bug is the parent for all of them.

[[TicketQuery(parent=#3059 (moved),format=table,col=component|owner|summary|priority|points,order=priority)]]

changed milestone to %TorBrowserBundle 2.3.x-stable

added TorBrowserTeam201501 component::applications/tor browser milestone::TorBrowserBundle 2.3.x-stable owner::tbb-team priority::high resolution::fixed status::closed tbb-fingerprinting tbb-firefox-patch type::defect labels

Trac:
Description: We have a few potential solutions to time-based fingerprinting attacks, some based in Torbutton, some based as patches to Tor Browser. This bug is the parent for all of them.

[[TicketQuery(parent=#2871 (closed),format=table,col=component|owner|summary|priority|points,order=priority)]]

to

We have a few potential solutions to time-based fingerprinting attacks, some based in Torbutton, some based as patches to Tor Browser. This bug is the parent for all of them.

[[TicketQuery(parent=#3059 (moved),format=table,col=component|owner|summary|priority|points,order=priority)]]

Trac:
Parent: N/A to #2871 (closed)

Trac:
Cc: N/A to g.koppen@jondos.de

Trac:
Cc: g.koppen@jondos.de to g.koppen@jondos.de, lunar@debian.org

Trac:
Cc: g.koppen@jondos.de, lunar@debian.org to g.koppen@jondos.de, lunar@debian.org, StrangeCharm

Trac:
Milestone: N/A to TorBrowserBundle 2.3.x-stable

Trac:
Keywords: N/A deleted, tbb-fingerprinting added

Trac:
Parent: #2871 (closed) to N/A

Trac:
Cc: g.koppen@jondos.de, lunar@debian.org, StrangeCharm to g.koppen@jondos.de, lunar@debian.org, StrangeCharm, adrelanos@riseup.net

Trac:
Cc: g.koppen@jondos.de, lunar@debian.org, StrangeCharm, adrelanos@riseup.net to gk, lunar@debian.org, StrangeCharm, adrelanos@riseup.net

Trac:
Keywords: N/A deleted, tbb-firefox-patch added

Trac:
Owner: mikeperry to tbb-team
Component: Firefox Patch Issues to Tor Browser

Ok, so I think we finally have some semblance of direction here. We basically have two classes of time-based fingerprints:

1. Fingerprints that are due to high resolution timing information (such as keystroke fingerprinting, performance fingerprinting, and various side channel attacks). These tickets are now tagged with tbb-fingerprinting-time-highres. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-time-highres
2. Fingerprints that are due to the skew/delta between your local client clock and the webserver's notion of time. These tickets are now tagged with tbb-fingerprinting-time-skew. https://trac.torproject.org/projects/tor/query?keywords=~tbb-fingerprinting-time-skew

We are going to address both classes of issues with direct browser patches, though the latter class requires a reliable, authenticated timesource that is not capable of attacking users by manipulating their time in a targeted way. This may prove tricky.

Trac:
Resolution: N/A to fixed
Keywords: N/A deleted, TorBrowserTeam201501 added
Status: new to closed

There is still a major timestamp vector in the basic protocols left that needs to be addressed.

It belongs as a child ticket: https://trac.torproject.org/projects/tor/ticket/16659

Trac:
Username: source
Status: closed to reopened
Resolution: fixed to N/A

That #16659 (moved) is neither a browser issue, nor related to this ticket.

Trac:
Resolution: N/A to fixed
Status: reopened to closed

closed

mentioned in issue #3331 (closed)

mentioned in issue #3652 (moved)