[spam] [random] google's clock is ahead of my cell phone's
# I'm imagining that data is communicated via server timestamps, and challenging myself to share evidence while holding the belief. It's like a holodeck roller coaster ride in my mind. ~ $ TZ=GMT date; curl -v google.com; TZ=GMT date Mon Jul 26 23:03:59 GMT 2021 * Trying 2607:f8b0:4006:807::200e:80... * Connected to google.com (2607:f8b0:4006:807::200e) port 80 (#0)
GET / HTTP/1.1 Host: google.com User-Agent: curl/7.77.0 Accept: */*
* Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Location: http://www.google.com/ < Content-Type: text/html; charset=UTF-8 < Date: Mon, 26 Jul 2021 23:04:06 GMT < Expires: Wed, 25 Aug 2021 23:04:06 GMT < Cache-Control: public, max-age=2592000 < Server: gws < Content-Length: 219 < X-XSS-Protection: 0 < X-Frame-Options: SAMEORIGIN < <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML> * Connection #0 to host google.com left intact Mon Jul 26 23:04:01 GMT 2021 ~ # google is 5-7 seconds ahead of me right now, which means my cell phone is storing photos of murders.
# I am presently seeding a number of torrents. Mon Jul 26 23:04:01 GMT 2021 ~ $ TZ=GMT date; curl -v google.com; TZ=GMT date Mon Jul 26 23:08:19 GMT 2021 * Trying 2607:f8b0:4006:807::200e:80... * Connected to google.com (2607:f8b0:4006:807::200e) port 80 (#0)
GET / HTTP/1.1 Host: google.com User-Agent: curl/7.77.0 Accept: */*
* Mark bundle as not supporting multiuse < HTTP/1.1 301 Moved Permanently < Location: http://www.google.com/ < Content-Type: text/html; charset=UTF-8 < Date: Mon, 26 Jul 2021 23:08:24 GMT < Expires: Wed, 25 Aug 2021 23:08:24 GMT < Cache-Control: public, max-age=2592000 < Server: gws < Content-Length: 219 < X-XSS-Protection: 0 < X-Frame-Options: SAMEORIGIN < <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"> <TITLE>301 Moved</TITLE></HEAD><BODY> <H1>301 Moved</H1> The document has moved <A HREF="http://www.google.com/">here</A>. </BODY></HTML> * Connection #0 to host google.com left intact Mon Jul 26 23:08:20 GMT 2021 ~ $
On 7/26/21, Karl <gmkarl@gmail.com> wrote:
# I'm imagining that data is communicated via server timestamps
~ $ TZ=GMT date; curl -v google.com; TZ=GMT date Mon Jul 26 23:03:59 GMT 2021 < Date: Mon, 26 Jul 2021 23:04:06 GMT Mon Jul 26 23:04:01 GMT 2021
# google is 5-7 seconds ahead of me right now
That assumes you are correctly in sync with UTC. There is a related tool... https://github.com/ioerror/tlsdate Many other application protocols and data streams and services embed timestamps that could be extracted.
On Tue, Jul 27, 2021, 4:03 AM grarpamp <grarpamp@gmail.com> wrote:
On 7/26/21, Karl <gmkarl@gmail.com> wrote:
# I'm imagining that data is communicated via server timestamps
~ $ TZ=GMT date; curl -v google.com; TZ=GMT date Mon Jul 26 23:03:59 GMT 2021 < Date: Mon, 26 Jul 2021 23:04:06 GMT Mon Jul 26 23:04:01 GMT 2021
# google is 5-7 seconds ahead of me right now
That assumes you are correctly in sync with UTC.
Yeah phones sync kinda loosely. But it's notable the clocks their network syncs with are likely the atomic ones on gps satellites. I'm thinking timestamps help correlate things in logs. tlsdate is pretty cool. Well studied, widely available protocol. Doesn't form records around skew, though.
Here is a funny anecdote: Some time ago I was living in the NRQZ, where the caves are long and the EMR spectrum is empty. I was keeping my private cryptographic material on a off-the-shelf android phone with most of the antennas removed and their pins grounded, kept in airplane mode since purchase, chained to my belt. My undiagnosed neurological issues with controlling my hands had unfortunately developed already when setting that phone up, and I wasn't able to fully manage all the radios and antennas inside the device, but I figured it was still pretty helpful. Like many people used to do, I charged it with a 2-wire USB cable to make it hard to in/exfiltrate data on it. Because this phone was never online, the clock would skew badly. When I needed to use a second factor TOTP, I would have to manually set the date on it to get the right code, as it should be with TOTP. So I got pretty familiar with my clock being skewed. The people who worked the stores in this area often drove in from the edge, since product marketing is pretty heavy there and they wanted internet and such. They would take their phones into the area and use the bluetooth functionality with their vehicles or wifi tether them to illegal hotspots. At some point, my phone started turning it's bluetooth on, on its own. I don't know why this happens. It's happened to me on other devices - my present device included. When I notice, I turn it off. Phones are really used to assuming they're networked. Now, when an antenna is grounded, it can still communicate a little bit unless the radio itself is disabled. So, I was hiking to town for groceries one day because my vehicle had broken down, and one of the tellers took pity on me and offered to drive me to somebody who could tow my vehicle. Their car was set up for bluetooth with their phone. After my trip in their car, my phone's clock was synced. On its own. I didn't know a phone would sync its time over bluetooth. But now I know this can happen.
Additional factoids: - I don't think I had handled my bluetooth radio as much as the others. I was focusing on long-range radios. - I think I observed the phone opening its drop-down interface associated with kicking around in my pocket. There's a bluetooth toggle option in that interface, along with many other options.
participants (2)
-
grarpamp -
Karl