Opened 4 months ago

Last modified 3 months ago

#31324 reopened enhancement

Spoof the Tor Browser time displayed to websites if clocks are wrong

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting-time
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

JavaScript can be used to get the system time of a user. This allows for fingerprinting via different clock offsets and skews. This also may allow websites to determine the user's location by seeing which country has the same time as the user.

Currently, the Tor Browser spoofs the timezone displayed to websites to UTC but this doesn't spoof the actual system time which can still be gotten with new Date().

The Tor Browser should spoof the time shown to websites so all Tor Browser users have the same time or a random time.

Change History (11)

comment:1 Changed 4 months ago by pospeselr

in the browser console:

new Date()
Date 2019-08-02T17:58:19.300Z // current UTC

do you have a repro?

comment:2 in reply to:  1 Changed 4 months ago by tom

Replying to pospeselr:

> in the browser console:
>
> new Date()
> Date 2019-08-02T17:58:19.300Z // current UTC
>
> do you have a repro?

This isn't about timezone, it's about exposing the time of your system. If your clock is off, that offset is potentially unique.

comment:3 Changed 4 months ago by pospeselr

Resolution: not a bug
Status: new → closed

I suspect we can reasonably assume our users have a working clock. Using a 'random' time (or an unchanging time) will almost certainly break websites in fun and interesting ways.

comment:4 Changed 4 months ago by cypherpunks

> do you have a repro?

I created a test website here https://madaidan.github.io/

> I suspect we can reasonably assume our users have a working clock.

It is not uncommon for people to have clocks off by a few minutes or seconds even with some form of time sync.

comment:5 Changed 4 months ago by tom

I actually tend to agree with cypherpunks here. I don't think it's something we should work on in the short - or even medium term - BUT...

Mozilla had vaguely discussed the idea of building in roughtime in the browser, but then we were stymied on what we would actually *use* it for. We thought we could use it for showing an accurate "Your clock is set wrong and that may be why you're getting cert errors" error page. But we were afraid of using it for anything else - like cert validation or JavaScript - because people do actually rely on setting their system clock back or forward to test cert things or (more commonly) to cheat at online JavaScript games.

But I don't think those things would preclude Tor Browser from doing the safer thing and a) getting an accurate clock from <something> and b) using it for everything. Under the guise of a) preventing NTP attacks and b) preventing fingerprinting based on clock skew.

comment:6 in reply to:  5 Changed 4 months ago by cypherpunks

> But I don't think those things would preclude Tor Browser from doing the safer thing and a) getting an accurate clock from <something>

you could get clock from trusted DirAuthority or any other of the 1000's of relays :)

TLDR:

sets the local clock by securely connecting with TLS to remote
 servers and extracting the remote time out of the secure handshake.


see: https://github.com/ioerror/tlsdate/

would help for both,

> a) preventing NTP attacks and b) preventing fingerprinting based on clock skew.

not ntp here. just block udp firewalled all along. tcp only to tor needed. with tlsdate.
if implemented in browser. further preventing fingerprinting if all tor users use same time source for example from dirauthority handshake for example?!

Last edited 4 months ago by cypherpunks

comment:7 Changed 4 months ago by cypherpunks

Tor must be run on root level to change system clock

comment:8 Changed 4 months ago by gk

Resolution: not a bug
Status: closed → reopened
Summary: Spoof the Tor Browser time displayed to websites → Spoof the Tor Browser time displayed to websites if clocks are wrong
Version: Tor: unspecified

comment:9 Changed 4 months ago by teor

It might be better for us to implement time-spoofing in tor, so that cells and certificates are consistent with application level time spoofing.

We could offer the approximate time delta to applications via the control port.
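
A sketch of the approach suggested in comments 5 and 9, added here as an example and not code from the ticket, Tor Browser or tor: the browser takes a clock delta measured against a trusted source and applies it to the time exposed to web content. The function names, the 1-second rounding step and the three sample users are assumptions made for the illustration.

```javascript
// Added illustration, not Tor Browser or tor code. All names and values are constructed.

// Estimate the local clock's error against a trusted timestamp, assuming the
// timestamp was taken at the midpoint of the request/response round trip.
function estimateDeltaMs(localSentMs, trustedMs, localReceivedMs) {
  return trustedMs - (localSentMs + localReceivedMs) / 2;
}

// Clock exposed to web content: local time plus the delta, rounded down to a
// coarse step so small errors in the estimate are mostly hidden. Values that
// fall near a rounding boundary can still differ between users.
function makeContentClock(localNow, deltaMs, granularityMs = 1000) {
  return () => Math.floor((localNow() + deltaMs) / granularityMs) * granularityMs;
}

// Constructed scenario: one true instant, three users with wrong system clocks
// and asymmetric network paths to the trusted time source.
const TRUE_TIME_MS = Date.UTC(2019, 7, 2, 17, 58, 19, 300);
const users = [
  { name: "A", clockErrorMs: -93000, outMs: 50, backMs: 130 },
  { name: "B", clockErrorMs: 0, outMs: 300, backMs: 60 },
  { name: "C", clockErrorMs: 4200, outMs: 130, backMs: 130 },
];

function observe(user) {
  const localNow = () => TRUE_TIME_MS + user.clockErrorMs;
  const measuredAt = TRUE_TIME_MS - 60000; // delta was estimated a minute earlier
  const deltaMs = estimateDeltaMs(
    measuredAt - user.outMs + user.clockErrorMs,
    measuredAt,
    measuredAt + user.backMs + user.clockErrorMs
  );
  // raw: what new Date() reveals today; spoofed: what the corrected clock reveals.
  return { name: user.name, raw: localNow(), spoofed: makeContentClock(localNow, deltaMs)() };
}

for (const r of users.map(observe)) {
  console.log(r.name, new Date(r.raw).toISOString(), new Date(r.spoofed).toISOString());
}
```

The raw values differ per user by exactly their clock error, while the corrected values coincide despite each user's delta estimate being off by a different network asymmetry.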

comment:10 Changed 4 months ago by cypherpunks

> Tor must be run on root level to change system clock

It isn't going to change the system clock.

comment:11 Changed 3 months ago by sysrqb

Keywords: tbb-fingerprinting-time added