Page MenuHomePhabricator

research if there are further local clock leaks on Whonix-Gateway
Open, NormalPublic


Quite a few local clock leaks in upstream projects have been identified and reported.

I think, there might be others. This is because I was involved in reporting some of these local clock leaks. They were only fixed, because by chance I happened to read historic Tor trac development discussions, and then using logic to draw the right conclusions, then reported bugs. I didn't read the related source codes nor checked with a traffic analyzer that there are no other local clock leaks. And I find it very likely, that no one else ever did that either, because these issues remained unnoticed for years.

[1] I remember having read a thread about apt-get. It was mentioned, that it leaks the language to remote servers. Perhaps also installed packages. Among other stuff. Possibly also local clock? Would be good to have a list of these leaks.


  • 1) ask TPO to think through if there are any further local clock leaks -> check Tor for local clock leaks
  • 2) research leaks by apt-get [1]
  • 3) figure out, and check using a tshark or wireshark regex that searches for timestamps



Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: security, research.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, HulaHoop.

Are the instructions similar to the leaktests I ran before? How can I get started on this?

I don't think there are any existing information. This requires original

Apt is http with all that would mean. From research on http 1.1 only the server supports timestamp requests from the client nothing in the other direction. That makes sense or else a website can be able to know a workstation's time from an sdwdate query.