System time as cookie/deanonymization?
One of these days, I saw a box whose system time was off by about a minute. No big deal in this case, but significantly smaller difference is a fingerprint of the machine: Alice is off by -0.58390128310s, etc. Getting very good approximation of system time from a browser is not very trivial, but likely writing something like NTP in javascript is doable. Read that tor browser bundle downgrades the clock resolution possibly for other reasons, but IIRC the resolution was enough for this purpose. Can this be used for cookie/deanonymization? Anyone already implemented it/wrote a paper? Quick web search didn't answer exactly this.
On Wed, Jul 27, 2016 at 3:58 PM, Georgi Guninski <guninski@guninski.com> wrote:
Getting very good approximation of system time from a browser is not very trivial, but likely writing something like NTP in javascript is doable.
Haven't tried it, but this JS library claims to return microsecond-resolution system time in a vareity of browsers: https://github.com/medikoo/microtime-x
On Wed, Jul 27, 2016 at 06:55:52PM +0800, Jason McVetta wrote:
On Wed, Jul 27, 2016 at 3:58 PM, Georgi Guninski <guninski@guninski.com> wrote:
Getting very good approximation of system time from a browser is not very trivial, but likely writing something like NTP in javascript is doable.
Haven't tried it, but this JS library claims to return microsecond-resolution system time in a vareity of browsers: https://github.com/medikoo/microtime-x
Thanks. I don't think this library is enough. AFAICT, the lib gives you high precision time _in the browser_, but this is not enough for the question. To get it, you use the network which is of unknown latency (unless you sniff it). To get the system time you must know: 1. When you got the time 2. When you received the time Something like Eisenstein's theory about impossibility to synchronize clocks with super-light speed. Sometimes I wonder what is so special about the speed of light and if humans were blind per design and didn't know what light is, would they replace "speed of light with 'speed of fastest thing they can measure", explaining relativity with "the fast thing slows down near `matter'" ;) (this paragraph is just trolling).
From: Georgi Guninski <guninski@guninski.com>
To get it, you use the network which is of unknown latency (unless you sniff it). To get the system time you must know: 1. When you got the time 2. When you received the time
Something like Eisenstein's theory about impossibility to synchronize clocks with super-light speed. Sometimes I wonder what is so special about the speed of light and if humans were blind per design and didn't know what light is, would they replace "speed of light with 'speed of fastest thing they can measure", explaining relativity with "the fast thing slows down near `matter'" ;) (this paragraph is just trolling). As I recall, it is impossible to (perfectly) synchronize a rotating assemblage of clocks.Since Earth is rotating, that means all clocks on it (except at the poles) are rotating, too. This is related: https://en.wikipedia.org/wiki/Einstein_synchronisation Interesting side-side-issue: https://en.wikipedia.org/wiki/Quantum_entanglement Scientists have continued to experiment with the use of optical fibers to study quantumentanglement. http://phys.org/news/2008-06-world-largest-quantum-bell-spans.html(no relation, of course) They generated photon-pairs which were quantum-entangled, sent them in opposite directions, made their measurements far away, and found(as they kinda-sorta expected) that the first measurement somehow affected the secondmeasurement many kilometers away. I read a few years ago, somewhere, that in such a test they were able to exclude the possibility of a direct-communication effect manipulating the results unless it wereat a speed of at least 10,000 c (10,000x the speed of light in a vacuum.) Perhaps this system could be used to synchronize clocks. Although, since the speed of light in an optical fiber is very constant over time (assuming the temperature isn'tchanging) then very good results can obviously be obtained using the far more mundanesystem. Interesting tidbit: A 1 centimeter change in the altitude of a clock, at about the Earth'ssurface, changes the rate of that clock by about 1 part in 10E18. (My own calculation: Itmight be a factor of 2 off.) Experimental clocks of approximately this accuracy exist.http://www.nature.com/nature/journal/vaop/ncurrent/abs/nature12941.html?mess... In addition, "nuclear clocks" are talked about. (although they are somewhat hard toGoogle-search because of term confusion with the "Doomsday Clock". here's an example:http://www.forbes.com/sites/chadorzel/2016/05/17/why-do-physicists-want-a-nu...
Jim Bell
participants (3)
-
Georgi Guninski -
Jason McVetta -
jim bell