by nikcub
4753 days ago
The theory is that the frequency of requests, timezone, server being used and time skew (see also [1]) provide enough bits of information to identify a client. The exit node or ISP could also forge a response and set the clock a unique amount of time out of sync which can later be identified over a non-anon network. Whonix, the privacy-oriented Linux distribution which uses two virtual machines (an isolating proxy and then a client on a private network), disables NTP by default and requires the user to sync time out-of-band because of these concerns. There is a section in their docs about NTP [2].

[1] http://www.reddit.com/r/onions/comments/10usgv/clock_skewing...
[2] http://sourceforge.net/p/whonix/wiki/Advanced%20Security%20G...
Timezones and NTP? NTP does not use time zones so I am not sure what that has to do with anything.
Exit nodes forging ntp responses? That is going to be pretty tough. Last time I checked tor has a tcp fetish and ntp is squarely in the udp camp.
I checked the reddit link. Let's skip over the fact that you said "identify a client" and the reddit link is about hidden services. In order to work it requires that the hidden service serves http, serves http over plain ipv4, and is running on a computer that is also a relay. So that is not "simple" but most importantly it has very little to do with ntp requests.
I'm not going to lie, I stopped reading the whonix documentation after the first three paragraphs and I have pasted them below:
Can you see why I stopped reading when I did? It seems like you may have disremembered the details of the "simple ntp synch requests" can give away a user's identity attack.
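For reference, an added example that is not part of either comment or of any project's code: it packs and parses the 48-byte NTP header (RFC 5905 layout) and computes the offset a client would derive from a reply, so an unauthenticated reply carrying a large skew shows up as a rejected step. The function names, the `MAX_STEP` policy threshold and all timestamps are constructed assumptions.

```python
import struct

NTP_EPOCH_DELTA = 2208988800   # seconds from 1900-01-01 to 1970-01-01, both UTC
FMT = "!BBbb3I4Q"              # flags, stratum, poll, precision, 3x32-bit, 4x64-bit timestamps
MAX_STEP = 1.0                 # assumed local policy: refuse to step the clock further than this

def to_ntp(unix_ts):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point). No time zone field exists."""
    secs = int(unix_ts)
    return ((secs + NTP_EPOCH_DELTA) << 32) | int((unix_ts - secs) * 2**32)

def from_ntp(ts):
    return (ts >> 32) - NTP_EPOCH_DELTA + (ts & 0xFFFFFFFF) / 2**32

def build_request(t1):
    # LI=0, VN=4, Mode=3 (client); only the transmit timestamp is filled in.
    return struct.pack(FMT, (4 << 3) | 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))

def make_reply(request, t_server):
    """Constructed server reply for the demo (not a captured packet)."""
    client_xmt = struct.unpack("!Q", request[40:48])[0]
    ts = to_ntp(t_server)
    # Mode=4 (server), stratum 2; origin timestamp echoes the client's transmit time.
    return struct.pack(FMT, (4 << 3) | 4, 2, 0, -20, 0, 0, 0, ts, client_xmt, ts, ts)

def parse_reply(pkt, t1, t4):
    """t1 = client send time, t4 = client receive time (local clock)."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    flags, stratum, _, _, _, _, _, _, org, rec, xmt = struct.unpack(FMT, pkt[:48])
    if flags & 0x7 != 4:
        raise ValueError("not a server-mode reply")
    if org != to_ntp(t1):
        raise ValueError("origin timestamp does not match our request")
    t2, t3 = from_ntp(rec), from_ntp(xmt)
    offset = ((t2 - t1) + (t3 - t4)) / 2      # how far the local clock would be moved
    delay = (t4 - t1) - (t3 - t2)             # round-trip time minus server processing
    return {"stratum": stratum, "offset": offset, "delay": delay,
            "accepted": abs(offset) <= MAX_STEP}

def demo(server_skew):
    t1 = 1350000000.0                          # constructed client send time
    reply = make_reply(build_request(t1), t1 + 0.0625 + server_skew)
    return parse_reply(reply, t1, t1 + 0.125)

if __name__ == "__main__":
    print(demo(0.0))     # reply from a server whose clock agrees with ours
    print(demo(37.5))    # reply carrying a 37.5 s skew: offset exposed, step refused
```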