[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Do NTP and TCP timestamps really leak your local time?

Whonix and many other people use this as a source when saying NTP leaks the local time:

RFC5905:

Origin Timestamp (org): Time at the client when the request departed for the server, in NTP timestamp format.

But this says the time is in NTP timestamp format which is epoch time. Epoch time is universal and the same on all systems so this isn’t a problem.

The kernel docs say this about TCP timestamps:

1: Enable timestamps as defined in RFC1323 and use random offset for each connection rather than only using the current time.

So, setting net.ipv4.tcp_timestamps to 1 wouldn’t leak your local time as it uses a random one.

Is there something I’m missing here or are these really not leaking the local time?

NTP is not secure and besides it uses UDP (not functional over Tor) We have a lot of references explaining why it 's a bad thing.

for TCP timestamps see the reference also included in the page above:

https://mailman.boum.org/pipermail/tails-dev/2013-December/004520.html

I know why NTP is a bad thing but I just want to know if it really does leak the local time.

The only reference about it leaking the local time was the one I talked about in the post.

I get a 404 with that link.

I also know TCP timestamps by default do leak your local time but Linux seems to prevent that by using a random offset.

I found the commit that implemented the TCP timestamps random offset.

This was in 2016 and that link to the mailing list is from 2013 as indicated by the URL so they wouldn’t have known about this.

Maybe we should bring this to the Tails team and see what they have to say?

Sure, always feel free to start wider discussions across the ecosystem.
If it’s well researched like this, good might come out from it.

2 Likes
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]