A global adversary has all the time in the world to mount finely tuned MITM attacks on NTP, even on a per-city or per-region basis to narrow down user sets. This is needed, and for everyone, especially users who are not consistently online.
I suggest the inclusion of a script to automate the process of setting a random clock offset upon VM start-up. This will be included in the tar.gz file with the image and XML configuration files. A simple README file with instructions (that I can write) on how to use this is important to guide users. Running scripts on startup can be accomplished through the GUI of most modern desktop environments and should not be an impediment to usability.
Wrong recipient? I was thinking about a feature request against KVM, not Whonix. The KVM devs shouldn't add a script.
Maybe I am not doing a good job explaining what I mean by offset.
VBoxManage modifyvm "Whonix-Gateway" --biossystemtimeoffset +27931
The VM will be set 27931 milliseconds into the future, thus unlinking milliseconds from the host.
Our first step needs to be to find an equivalent of this command or setting for KVM. Have we already figured that out?
Next step would be having a script that automates this.
VBoxManage modifyvm "Whonix-Gateway" --biossystemtimeoffset +"$x"
Where variable $x is a random integer between 500(?) and 99500.
Next step would be getting rid of the script by having this range a feature of the virtualizer.
A feature request for VirtualBox could be:
At the moment biossystemtimeoffset expects an integer in milliseconds.
It would be nice to have support for random ranges for biossystemtimeoffset, i.e. biossystemtimeoffsetmin -99500, biossystemtimeoffsetmax +99500. VirtualBox would then pick a random value between -99500 and +99500 and use that as biossystemtimeoffset.
This would help to defend against time based fingerprinting attacks.
Well, the feature request doesn't sound so exciting. I doubt either VirtualBox or KVM developers will be excited about it. However, it is important to write https://www.whonix.org/wiki/Dev/TimeSync and the feature request as clearly as possible, so as many people as possible understand it, so some day someone capable of C(++) can implement the feature for Whonix.
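The interim script described in this thread (pick a random offset, then set it with VBoxManage before starting the VM), written here as an added example. It is not the Whonix project's script and was not posted in the thread. Assumptions: VirtualBox is installed and the target VM is powered off (modifyvm refuses to change a running VM); the bounds 500 ms and 99500 ms are the ones proposed above; the default VM name Whonix-Gateway is taken from the commands above. The random source is /dev/urandom via od, which is a choice made for this example, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not part of the Whonix project: randomise the VirtualBox
# BIOS system time offset of a VM before each boot, so the guest clock's
# millisecond component is unlinked from the host clock.
#
# Usage: ./random-clock-offset.sh [VM-name]   (default VM: Whonix-Gateway)

MIN_MS=500      # lower bound proposed in the thread, in milliseconds
MAX_MS=99500    # upper bound proposed in the thread, in milliseconds

# Print a random integer in [min, max]. Reads 4 bytes from /dev/urandom
# (assumption: a CSPRNG source is preferred over $RANDOM, whose seeding is
# weak in some shells). The modulo bias with a span of ~99000 on a 32-bit
# draw is about 2e-5 and does not matter for a clock offset.
pick_offset() {
    min=${1:-$MIN_MS}
    max=${2:-$MAX_MS}
    span=$((max - min + 1))
    r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' ')
    echo $((min + r % span))
}

# Return 0 if the value lies inside [min, max], 1 otherwise. Used as a
# sanity check before handing anything to VBoxManage.
in_range() {
    v=$1
    min=${2:-$MIN_MS}
    max=${3:-$MAX_MS}
    [ "$v" -ge "$min" ] && [ "$v" -le "$max" ]
}

# Apply the offset with the real VBoxManage flag from the thread:
#   VBoxManage modifyvm <vm> --biossystemtimeoffset <msec>
# The VM must be powered off for modifyvm to succeed.
apply_offset() {
    vm=$1
    offset=$2
    in_range "$offset" || { echo "offset $offset out of range" >&2; return 1; }
    VBoxManage modifyvm "$vm" --biossystemtimeoffset "+$offset"
}

main() {
    vm=${1:-Whonix-Gateway}
    offset=$(pick_offset)
    echo "Setting BIOS time offset of $vm to +$offset ms"
    apply_offset "$vm" "$offset" && VBoxManage startvm "$vm"
}

# Only act when a VM name is given on the command line; when the file is
# sourced without arguments the functions are merely defined.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Run it as `./random-clock-offset.sh Whonix-Gateway` from a desktop autostart entry, as the first post suggests. The offset is applied with modifyvm, so it persists in the VM's configuration until the next run replaces it; that is why the script must run before every start and not only once. Note that this only hides the guest's boot-time clock from the host; it does nothing against NTP manipulation on the network path, which is what the TimeSync page is about.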