Long Wiki Edits Thread

Whonix defeats this and other time attacks since it uses sdwdate which connects to a variety of servers (likely to be hosted on different hardware) at random intervals and extracts time stamps from the https headers.

Most importantly, it sets the time. Because by the description above, if it was that alone, it wouldn’t solve it.

Clock Skew Attack - With this type of attack, an adversary acquires the time stamp of a Hidden Service http header and measures the skew. (clock skewing)(w) The adversary compares the acquired time stamp to that of Tor relays or other publicly reachable web servers. If the time skew of the Hidden Service server matches any of the publicly reachable servers or Tor relays, it is very likely the Hidden Service is hosted on the same server. Whonix defeats this and other time attacks since it uses sdwdate which connects to a variety of servers (likely to be hosted on different hardware) at random intervals and extracts time stamps from the https headers. To be fair, when this attack was first described Whonix did not exist.

Can it be called an attack? Any better term?


Could you add "do something about TLS HELLO gmt_unix_time" (#8751) (rewritten) as well please? (Clock also matters for client users, not only onion service hosts.)

There is another TimeSync: Whonix Time Synchronization Mechanism but more complex, perhaps it should be renamed?
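
Added example, not part of the original posts and not sdwdate's own code: a sketch of the step the quoted wiki text describes, reading the `Date` header from several servers' replies and deriving one correction that is then used to set the clock. The sample replies, the server names, the median rule and the 60-second outlier threshold are assumptions made for illustration.

```python
from datetime import timezone
from email.utils import parsedate_to_datetime
from statistics import median

# Constructed samples: (server, local epoch when the reply arrived, raw reply headers).
SAMPLES = [
    ("a.example", 1700000000, "HTTP/1.1 200 OK\r\nDate: Tue, 14 Nov 2023 22:14:50 GMT\r\n\r\n"),
    ("b.example", 1700000005, "HTTP/1.1 200 OK\r\ndate: Tue, 14 Nov 2023 22:14:56 GMT\r\n\r\n"),
    ("c.example", 1700000009, "HTTP/1.1 200 OK\r\nDate: Tue, 14 Nov 2023 22:14:58 GMT\r\n\r\n"),
    ("d.example", 1700000012, "HTTP/1.1 200 OK\r\nDate: Tue, 14 Nov 2023 23:13:32 GMT\r\n\r\n"),
    ("e.example", 1700000015, "HTTP/1.1 200 OK\r\nServer: demo\r\n\r\n"),
]

def date_header_epoch(raw_headers):
    """Return the Date header as a UNIX timestamp, or None if absent or malformed."""
    for line in raw_headers.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "date":  # header names are case-insensitive
            try:
                dt = parsedate_to_datetime(value.strip())
            except (TypeError, ValueError):
                return None
            if dt.tzinfo is None:                   # "-0000" parses as naive; treat as UTC
                dt = dt.replace(tzinfo=timezone.utc)
            return dt.timestamp()
    return None

def clock_correction(samples, max_dev=60):
    """Median remote-minus-local offset, after dropping servers far from the median."""
    offsets, skipped = {}, []
    for server, local_epoch, raw in samples:
        remote = date_header_epoch(raw)
        if remote is None:
            skipped.append(server)                  # no usable Date header
        else:
            offsets[server] = remote - local_epoch
    if not offsets:
        raise ValueError("no usable Date headers")
    mid = median(offsets.values())
    kept = [o for o in offsets.values() if abs(o - mid) <= max_dev]
    if not kept:
        raise ValueError("servers disagree too much to pick a correction")
    rejected = sorted(s for s, o in offsets.items() if abs(o - mid) > max_dev)
    return median(kept), rejected, skipped

if __name__ == "__main__":
    correction, rejected, skipped = clock_correction(SAMPLES)
    print(f"apply {correction:+.0f}s; rejected={rejected}; skipped={skipped}")
```

In the constructed data, one server's clock is an hour off and one reply has no `Date` header, so neither contributes to the correction.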