[tor-bugs] #6314 [TorBirdy]: prevent leak via Date header field (local timestamp disclosure)
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 26 04:49:16 UTC 2014
#6314: prevent leak via Date header field (local timestamp disclosure)
--------------------------+----------------------
Reporter: tagnaq | Owner: ioerror
Type: defect | Status: new
Priority: major | Milestone:
Component: TorBirdy | Version:
Resolution: | Keywords: SponsorT
Actual Points: | Parent ID: #9131
Points: |
--------------------------+----------------------
Comment (by saint):
Replying to [comment:13 sukhbir]:
> I also personally think that removing the date entirely is not a good
idea -- it will likely break things and even if it doesn't for the cases
we test with, getting such a patch accepted is going to be very difficult.
Yes, it seems like this option is holding up patch acceptance. I read the
bug reports after hearing it referenced as a GSoC project. =)
> ... and set hh:mm:ss to 00:00:00 or randomize it.
These are both decent options for enhancing location anonymity, but have
negative effects on conversations since it affects email sequence.
Perhaps detect local time and adjust to UTC? e.g. it's 11:45 EST my time,
but the sent message would read as 4:45 UTC. Or defer to a server for
time information (tlsdate style)?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6314#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list