Tamborino
2023-07-06 16:24:07 UTC
Can someone explain WHY Mozilla Firefox Tor Browser does what it does?
[1] I found a great script on alt.msdos.batch for anti-fingerprinting
[2] I've been booting to that wonderful tz script for more than a year
[3] It randomly changes the system timezone for anti-fingerprinting
[4] Upon rebooting, it first kicks off a 3rd-party taskbar time-zone clock
[5] Which perfectly covers over & replaces the original taskbar clock
[6] Even down to the "Sergoe UI (9pt)" taskbar fonts (I make mine bold)
[7] Such that there is no indication to me of what timezone I'm set to
[8] Which has been working fine for about a year with no problems at all
The only issue is minor and I understand it at the top level only.
My question here is to see if someone understands it at a deeper level.
It's known (from bug reports) that the Mozilla Firefox Tor Browser has
initial connection problems when the timezone of the system isn't what the
Mozilla Firefox Tor Browser thinks the timezone of the system should be.
"Timezone and Clock Offset
While the latency in Tor connections varies anywhere from milliseconds to a
few seconds, it is still possible for the remote site to detect large
differences between the user's clock and an official reference time source.
Design Goal: All Tor Browser users MUST report the same timezone to
websites. Currently, we choose UTC for this purpose, although an equally
valid argument could be made for EDT/EST due to the large English-speaking
population density (coupled with the fact that we spoof a US English user
agent). Additionally, the Tor software should detect if the users clock is
significantly divergent from the clocks of the relays that it connects to,
and use this to reset the clock values used in Tor Browser to something
reasonably accurate. Alternatively, the browser can obtain this clock skew
via a mechanism similar to that used in tlsdate.
Implementation Status: We set the timezone using the TZ environment
variable, which is supported on all platforms."
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
While I can "read" that, I don't "understand" how that makes Tor connect
twice whenever the timezone is not the current timezone.
How does the Mozilla Firefox Tor Browser even KNOW what the "right" TZ is?
It's reproduceable what happens simply by changing the time zone.
[a] Set your TZ correctly & the Tor Browser usually connects on the 1st try
[b] Set your TZ incorrectly & the Tor Browser takes two tries to connect
It's not something that I can solve.
But it is something that I'd like to better understand why.
You'd have to be a pretty good Firefox/Tor expert to help out.
So I'm ok if nobody knows the answer to this (rather niche) question.
If you do understand how Tor directories work, maybe you can explain these?
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
"Tor Browser uses UTC for its time. This hides the "system time" from any
querying websites and stops any website that could read the time from
determining your location based on your timezone. However it is not able to
protect users whose time is uniquely inaccurate."
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31324
"the Tor Browser spoofs the timezone displayed to websites to UTC but this
doesn't spoof the actual system time which can still be gotten with new
Date()"
Why does the Mozilla Firefox Tor Browser take two connections when the
system time zone is incorrect? What actions are going on under the hood?
[1] I found a great script on alt.msdos.batch for anti-fingerprinting
[2] I've been booting to that wonderful tz script for more than a year
[3] It randomly changes the system timezone for anti-fingerprinting
[4] Upon rebooting, it first kicks off a 3rd-party taskbar time-zone clock
[5] Which perfectly covers over & replaces the original taskbar clock
[6] Even down to the "Sergoe UI (9pt)" taskbar fonts (I make mine bold)
[7] Such that there is no indication to me of what timezone I'm set to
[8] Which has been working fine for about a year with no problems at all
The only issue is minor and I understand it at the top level only.
My question here is to see if someone understands it at a deeper level.
It's known (from bug reports) that the Mozilla Firefox Tor Browser has
initial connection problems when the timezone of the system isn't what the
Mozilla Firefox Tor Browser thinks the timezone of the system should be.
"Timezone and Clock Offset
While the latency in Tor connections varies anywhere from milliseconds to a
few seconds, it is still possible for the remote site to detect large
differences between the user's clock and an official reference time source.
Design Goal: All Tor Browser users MUST report the same timezone to
websites. Currently, we choose UTC for this purpose, although an equally
valid argument could be made for EDT/EST due to the large English-speaking
population density (coupled with the fact that we spoof a US English user
agent). Additionally, the Tor software should detect if the users clock is
significantly divergent from the clocks of the relays that it connects to,
and use this to reset the clock values used in Tor Browser to something
reasonably accurate. Alternatively, the browser can obtain this clock skew
via a mechanism similar to that used in tlsdate.
Implementation Status: We set the timezone using the TZ environment
variable, which is supported on all platforms."
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
While I can "read" that, I don't "understand" how that makes Tor connect
twice whenever the timezone is not the current timezone.
How does the Mozilla Firefox Tor Browser even KNOW what the "right" TZ is?
It's reproduceable what happens simply by changing the time zone.
[a] Set your TZ correctly & the Tor Browser usually connects on the 1st try
[b] Set your TZ incorrectly & the Tor Browser takes two tries to connect
It's not something that I can solve.
But it is something that I'd like to better understand why.
You'd have to be a pretty good Firefox/Tor expert to help out.
So I'm ok if nobody knows the answer to this (rather niche) question.
If you do understand how Tor directories work, maybe you can explain these?
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
"Tor Browser uses UTC for its time. This hides the "system time" from any
querying websites and stops any website that could read the time from
determining your location based on your timezone. However it is not able to
protect users whose time is uniquely inaccurate."
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31324
"the Tor Browser spoofs the timezone displayed to websites to UTC but this
doesn't spoof the actual system time which can still be gotten with new
Date()"
Why does the Mozilla Firefox Tor Browser take two connections when the
system time zone is incorrect? What actions are going on under the hood?