I notice that all the files of Tor Browser have timestamp 2000-01-01 00:00:00 +0000.
What is the reason for this?
Probably to prevent metadata leaks.
Probably reproducible builds.
reference:
Probably to prevent metadata leaks.
How do such leaks work?
Probably reproducible builds.
Is this what you mean?
When looking for other info, I have seen in the source code of Tails that they explicitly run find ... -exec touch --date="${tbb_timestamp}" "{}" \;. That, however, will obviously work only for files, as dirs’ timestamps will change.
What I am actually interested in is if and how unified timestamps contribute to TB’s project goal.
Yes.
Reproducible builds.
See also:
Thanks.
By project goal I mean anonymity, i.e. I wonder if it has any direct relation to it or if it is just a technical detail of the reproducible build technology (which itself is a tool towards the project goal).
To put it differently - is one less anonymous if one changes the timestamps and how exactly (if yes)?
I am asking this because, as discussed, web JS and extensions have no direct access to local files anyway.
Required technical detail to accomplish reproducible builds.
Nobody ever made such an argument to my knowledge.
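An added example, not part of the thread and not Tor Browser's or Tails' build code: it builds the same constructed tree twice with different "build times", then shows that the archive digests only match once every file and directory mtime is clamped to the 2000-01-01 value quoted above. The tree layout, function names and the two build times are assumptions made for the illustration.

```python
import hashlib, io, os, tarfile, tempfile

FIXED_MTIME = 946684800  # 2000-01-01 00:00:00 +0000, the timestamp quoted in the thread

def all_paths(root):
    """Every file and directory under root, children before parents, root last."""
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames + dirnames:
            yield os.path.join(dirpath, name)
    yield root

def set_mtimes(root, mtime=FIXED_MTIME):
    """Clamp atime/mtime of files AND directories (touch on files alone skips dirs)."""
    for path in all_paths(root):
        os.utime(path, (mtime, mtime))

def make_tree(root, build_time):
    """Constructed sample tree: identical bytes, caller-chosen 'build time'."""
    os.makedirs(os.path.join(root, "Browser", "defaults"))
    samples = (("Browser/start", b"#!/bin/sh\n"),
               ("Browser/defaults/prefs.js", b"// prefs\n"))
    for rel, data in samples:
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    set_mtimes(root, build_time)  # simulate when this machine produced the files

def archive_digest(root):
    """SHA-256 of a tar of root with sorted entries and owner fields zeroed."""
    def scrub(info):
        info.uid = info.gid = 0
        info.uname = info.gname = ""
        return info
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for path in sorted(all_paths(root)):
            tar.add(path, arcname=os.path.relpath(path, root),
                    recursive=False, filter=scrub)
    return hashlib.sha256(buf.getvalue()).hexdigest()

def demo():
    """Return (digests equal before, digests equal after, distinct mtimes after)."""
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        make_tree(a, 1700000000)  # constructed build time on machine A
        make_tree(b, 1700003600)  # same content, built an hour later on machine B
        before = archive_digest(a) == archive_digest(b)
        set_mtimes(a); set_mtimes(b)
        after = archive_digest(a) == archive_digest(b)
        distinct = {int(os.stat(p).st_mtime) for p in all_paths(a)}
    return before, after, distinct

if __name__ == "__main__":
    print(demo())
```

The file contents are byte-identical in both trees, so the only thing that makes the first pair of digests differ is the mtime field in each tar header.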
In the case that your Tor Browser (session) is compromised, an attacker may be able to determine various metadata about the user that may lead to deanonymization. For example, if you decide to change your operating system’s date, time, and time zone, then modify files, an attacker could use that information to build a profile of you, if not done so already. The most valuable metadata would be time zone, as that isolates a user to specific regions.
In the case that your Tor Browser (session) is compromised
How exactly does this happen?
an attacker may be able to determine various metadata about the user that may lead to deanonymization.
But website JS and extensions have no direct access to local files.
Please explain the actual attack scenario.
There are many attack vectors, from privilege escalation of Tor Browser itself to crafting malicious downloaded files that report home when opened.
privilege escalation of Tor Browser
How exactly does this work?
malicious downloaded files that report home when opened.
Such malware can read any other file, not just TB’s. So, that seems unrelated.
I will let you know once I have the opportunity to learn and practice penetration testing myself.