Time isolation?

z11 · April 30, 2015, 6:54am

I was wondering if it was possible to randomize identifying timestamps on socks/trans port connections either on uwt, workstation or gateway. My assumption is that it is currently easy to correlate activities using stream isolation as long as they share the same system time, i.e. originate from the same workstation

Or does this depend on the application or protocol whether it leaks the system time or not. If I use uwt stream isolation on the same application on same workstation that only deals with http, am I safe?

Is there any system that provides random system time for each application or multiple instances of applications, Qubes? Is this possible?

z11 · April 30, 2015, 7:28am

A different idea related to time anonymity (could be separated from this thread), Whonix could include a small gui app designed to easily change the created/modified/accessed timestamps of files or folders. This would help people who share files to hide information from adversaries about the date of file creation/download/access. I don’t know if such a tool exists for linux. Perhaps mat (metadata anonymisation toolkit) could implement this feature, but even then it would take a long time for the feature to appear in stable debian repositories.

HulaHoop · April 30, 2015, 1:09pm

This is an application level problem and not something Tor can be responsible for.

Normally a leaking protocol on a workstation leaks the randomly set time give to it by sdwdate. A different workstation would have a slightly different time.

HulaHoop · April 30, 2015, 1:20pm

MAT cleans file metadata including that information. Its included in Whonix.

z11 · April 30, 2015, 2:15pm

Yeah, Tor could not solve that problem, that’s why I’m raising it up here, Whonix or Qubes are the only likely systems to have the motivation or background to solve this problem.

I was talking about setting up custom timestamps, like NewFileTime does for Windows. mat does clean the timestamp by putting the “cleaning” time on each file which is another issue. Real time anonymity means the ability to put fake information in timestamp

Patrick · May 9, 2015, 7:02pm

Related, check this out. TODO documentation:
https://phabricator.whonix.org/T67

HulaHoop · May 9, 2015, 10:42pm

Interesting. libfaketime does what you need for processes and files.

Patrick · May 10, 2015, 9:58am

Related - or the whole thing? Check this out inside Whonix:

Shows a man page that comes with explanations, options, examples and a demonstration.

Does this what you were suggesting? @z

HulaHoop · May 10, 2015, 2:11pm

The whole thing because besides your scripts for spoofing system time for uwt wrapped processes, the libfaketime variable FAKETIME_SAVE_FILE can spoof timestamps for files.

Shows a man page that comes with explanations, options, examples and a demonstration.

Nice. Also its good that you upstream your works whenever possible.