Hi,
it was brought to our attention (thanks Jacob!) that TCP timestamps
(net.ipv4.tcp_timestamps) are enabled in Tails, and this might be
a problem.
In a nutshell, we're said that the risks that go with the current
setting are:
1. The system uptime can be inferred from this information.
2. The system clock can be tracked down to the millisecond.
As far as I understand it, in the context of Tails, this can be done
by an attacker who monitors the network somewhere between the attacked
Tails system and the Tor entry nodes being used. Right?
I must admit that I did not look closely enough, so in what follows,
I'm assuming that this information is not forwarded by the three Tor
hops to the other side of the connection. Please correct me if
I'm wrong.
Given such an attacker anyway knows the public IP used by the attacked
system, I don't really get why Jacob calls this a "Major privacy info
leak". May you please clarify what exact threat you have in mind?
Off the top of my head, I can think of:
a. Finding out how long a given Tails system has been running: if an
attacker in this position got to watch the network (close enough
to the attacked system) when it was bootstrapping Tor, then they
can learn this too. I'm not overly concerned by this threat.
b. Distinguishing several Tails systems running behind NAT and using
the same IP address: I would call this a minor issue, and the
same reasoning as in (a) applies.
A very quick web search seems to indicate that disabling TCP
timestamps brings its own share of issues: first, disabling TCP
timestamps also disables the TCP protection against wrapped sequence
numbers mechanism; second, TCP timestamps seem to be a pretty useful
performance feature of TCP.
That's why I am reluctant to disable this feature without knowing what
exact problem we would solve. I'm all ears :)
Thanks in advance.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc