Discussion:
Windows anti-fingerprint batch script randomly changing TZ affects Mozilla Firefox Tor Browser but why?
(too old to reply)
Tamborino
2023-07-06 16:24:07 UTC
Permalink
Can someone explain WHY Mozilla Firefox Tor Browser does what it does?

[1] I found a great script on alt.msdos.batch for anti-fingerprinting
[2] I've been booting to that wonderful tz script for more than a year
[3] It randomly changes the system timezone for anti-fingerprinting
[4] Upon rebooting, it first kicks off a 3rd-party taskbar time-zone clock
[5] Which perfectly covers over & replaces the original taskbar clock
[6] Even down to the "Sergoe UI (9pt)" taskbar fonts (I make mine bold)
[7] Such that there is no indication to me of what timezone I'm set to
[8] Which has been working fine for about a year with no problems at all

The only issue is minor and I understand it at the top level only.
My question here is to see if someone understands it at a deeper level.

It's known (from bug reports) that the Mozilla Firefox Tor Browser has
initial connection problems when the timezone of the system isn't what the
Mozilla Firefox Tor Browser thinks the timezone of the system should be.

"Timezone and Clock Offset

While the latency in Tor connections varies anywhere from milliseconds to a
few seconds, it is still possible for the remote site to detect large
differences between the user's clock and an official reference time source.

Design Goal: All Tor Browser users MUST report the same timezone to
websites. Currently, we choose UTC for this purpose, although an equally
valid argument could be made for EDT/EST due to the large English-speaking
population density (coupled with the fact that we spoof a US English user
agent). Additionally, the Tor software should detect if the users clock is
significantly divergent from the clocks of the relays that it connects to,
and use this to reset the clock values used in Tor Browser to something
reasonably accurate. Alternatively, the browser can obtain this clock skew
via a mechanism similar to that used in tlsdate.

Implementation Status: We set the timezone using the TZ environment
variable, which is supported on all platforms."
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone

While I can "read" that, I don't "understand" how that makes Tor connect
twice whenever the timezone is not the current timezone.

How does the Mozilla Firefox Tor Browser even KNOW what the "right" TZ is?

It's reproduceable what happens simply by changing the time zone.
[a] Set your TZ correctly & the Tor Browser usually connects on the 1st try
[b] Set your TZ incorrectly & the Tor Browser takes two tries to connect

It's not something that I can solve.
But it is something that I'd like to better understand why.

You'd have to be a pretty good Firefox/Tor expert to help out.
So I'm ok if nobody knows the answer to this (rather niche) question.

If you do understand how Tor directories work, maybe you can explain these?
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
"Tor Browser uses UTC for its time. This hides the "system time" from any
querying websites and stops any website that could read the time from
determining your location based on your timezone. However it is not able to
protect users whose time is uniquely inaccurate."

https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31324
"the Tor Browser spoofs the timezone displayed to websites to UTC but this
doesn't spoof the actual system time which can still be gotten with new
Date()"

Why does the Mozilla Firefox Tor Browser take two connections when the
system time zone is incorrect? What actions are going on under the hood?
Gary R. Schmidt
2023-07-07 04:02:48 UTC
Permalink
On 07/07/2023 02:24, Tamborino wrote:
[SNIP]
Post by Tamborino
Why does the Mozilla Firefox Tor Browser take two connections when the
system time zone is incorrect? What actions are going on under the hood?
OpenSSL, the thing under the hood that TOR uses to secure connections,
requires the time to be correct.

Winderrs, when the TZ is "wrong" will tell things the wrong time, for a
while, ish, until it is corrected. Ish.

The above is greatly simplified, but you should see the same behaviour
when SSH-ing into a system.

Cheers,
Gary B-)
Tamborino
2023-07-07 05:27:04 UTC
Permalink
Post by Gary R. Schmidt
Post by Tamborino
Why does the Mozilla Firefox Tor Browser take two connections when the
system time zone is incorrect? What actions are going on under the hood?
OpenSSL, the thing under the hood that TOR uses to secure connections,
requires the time to be correct.
Winderrs, when the TZ is "wrong" will tell things the wrong time, for a
while, ish, until it is corrected. Ish.
The above is greatly simplified, but you should see the same behaviour
when SSH-ing into a system.
Thank you for suggesting the SSL test to see if the random TZ affects it.

I tried to install SSL to test it out but I had some problems so that may
take more time for me to run tests that you suggest show the same thing.

It's seems there are a variety of Windows SSL implementations revolving
around the source compilation & binaries with and without necessary DLLs.
https://www.openssl.org/source/
https://daniel.haxx.se/blog/tag/openssl/
https://slproweb.com/products/Win32OpenSSL.html

Until I get that test working, I may not have made it clear that the system
TIME is correct. It's just the TIMEZONE which is randomized on my PC.

You can run a simple test proving it's not the time but the time zone.
[1] Set up the Mozilla Firefox Tor Browser to the default configuration
[2] That means the connection requires a press on the [Connect] button
[3] You won't see this issue if you have the connection set to automatic

The simple test of the Mozilla Firefox Tor Browser is this:
[1] Set your timezone to the correct time zone (tzutil /s "Your Time Zone")
[2] Start the Mozilla Firefox Tor Browser & press the [Connect] button
[3] Almost always it will take only 1 press of that purple [Connect] button

Now keep the same system time, but change only the time zone:
[1] Set your timezone to the wrong time zone (tzutil /s "Other Time Zone")
[2] Start the Mozilla Firefox Tor Browser & press the [Connect] button
[3] Almost always it will take 2 presses of that purple [Connect] button

I realize this is a niche question because it works after two presses.
And I realize that Tor needs the TIME to be syncronized among servers.

But it's not the TIME that is randomized on my system.
It's the TIME ZONE that is randomized on my system.

Why would the Mozilla Firefox Tor Browser even care about the Time Zone
when the Mozilla Firefox Tor Browser is using the UTC time zone anyway?
R.Wieser
2023-07-07 08:15:03 UTC
Permalink
Tamborino,
Post by Tamborino
Until I get that test working, I may not have made it clear
that the system TIME is correct. It's just the TIMEZONE which
is randomized on my PC.
If you do a (quick) search for "tor timezone" you might find that your TOR
client actually accesses the timezone setting - as far as I could tell to
check if you match up with your credentials.

But also take into consideration that other/older Windows OSes run their
clocks in local time, and convert it to UTC when needed. In such cases
changing the timezone will do all kinds of "interresting" things to your
connection (and might prompt the TOR client to try to use the "raw" time
instead).

And a remark : if your puter uses local time and generates UTC from that
than changing the timezone might also cause your filetimes to go haywire.

Regards,
Rudy Wieser
Tamborino
2023-07-07 18:39:13 UTC
Permalink
Post by R.Wieser
If you do a (quick) search for "tor timezone" you might find that your TOR
client actually accesses the timezone setting - as far as I could tell to
check if you match up with your credentials.
The problem is that I don't understand what that means to "match up with
your credentials" which is why I had asked the question in the first place.

What are my credentials?

If those credentials are my time zone, they match because WHATEVER timezone
my computer is set to _is_ my timezone (as far as the browser is
concerned). Right?

Do you see why I'm confused?

How does any browser know that my system timezone isn't my real timezone?
R.Wieser
2023-07-08 06:49:38 UTC
Permalink
Tamborino,
Post by Tamborino
If those credentials are my time zone, they match because WHATEVER
timezone my computer is set to _is_ my timezone (as far as the
browser is concerned). Right?
No. Your credentials are whatever is stored at the other side about you.
What you send them is compared to those.

For what reason ? Thats not something I'm privy to I'm afraid.
Post by Tamborino
How does any browser know that my system timezone isn't my real timezone?
Not your browser, the TOR client. Which, and not your browser, is what
causes the two connections.

Regards,
Rudy Wieser
JJ
2023-07-07 04:29:35 UTC
Permalink
Post by Tamborino
Can someone explain WHY Mozilla Firefox Tor Browser does what it does?
[1] I found a great script on alt.msdos.batch for anti-fingerprinting
[2] I've been booting to that wonderful tz script for more than a year
[3] It randomly changes the system timezone for anti-fingerprinting
[4] Upon rebooting, it first kicks off a 3rd-party taskbar time-zone clock
[5] Which perfectly covers over & replaces the original taskbar clock
[6] Even down to the "Sergoe UI (9pt)" taskbar fonts (I make mine bold)
[7] Such that there is no indication to me of what timezone I'm set to
[8] Which has been working fine for about a year with no problems at all
The only issue is minor and I understand it at the top level only.
My question here is to see if someone understands it at a deeper level.
It's known (from bug reports) that the Mozilla Firefox Tor Browser has
initial connection problems when the timezone of the system isn't what the
Mozilla Firefox Tor Browser thinks the timezone of the system should be.
"Timezone and Clock Offset
While the latency in Tor connections varies anywhere from milliseconds to a
few seconds, it is still possible for the remote site to detect large
differences between the user's clock and an official reference time source.
Design Goal: All Tor Browser users MUST report the same timezone to
websites. Currently, we choose UTC for this purpose, although an equally
valid argument could be made for EDT/EST due to the large English-speaking
population density (coupled with the fact that we spoof a US English user
agent). Additionally, the Tor software should detect if the users clock is
significantly divergent from the clocks of the relays that it connects to,
and use this to reset the clock values used in Tor Browser to something
reasonably accurate. Alternatively, the browser can obtain this clock skew
via a mechanism similar to that used in tlsdate.
Implementation Status: We set the timezone using the TZ environment
variable, which is supported on all platforms."
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
While I can "read" that, I don't "understand" how that makes Tor connect
twice whenever the timezone is not the current timezone.
How does the Mozilla Firefox Tor Browser even KNOW what the "right" TZ is?
It's reproduceable what happens simply by changing the time zone.
[a] Set your TZ correctly & the Tor Browser usually connects on the 1st try
[b] Set your TZ incorrectly & the Tor Browser takes two tries to connect
It's not something that I can solve.
But it is something that I'd like to better understand why.
You'd have to be a pretty good Firefox/Tor expert to help out.
So I'm ok if nobody knows the answer to this (rather niche) question.
If you do understand how Tor directories work, maybe you can explain these?
https://tor.stackexchange.com/questions/13450/does-tor-leak-time-and-time-zone
"Tor Browser uses UTC for its time. This hides the "system time" from any
querying websites and stops any website that could read the time from
determining your location based on your timezone. However it is not able to
protect users whose time is uniquely inaccurate."
https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/31324
"the Tor Browser spoofs the timezone displayed to websites to UTC but this
doesn't spoof the actual system time which can still be gotten with new
Date()"
Why does the Mozilla Firefox Tor Browser take two connections when the
system time zone is incorrect? What actions are going on under the hood?
Be aware that, Tow Browser is two softwares in one: the web browser, and Tor
client.

The multiple connections attempts is likely due to Tor mechanism. It is not
done the web browser itself. If you're seeing the repeat connections from
the web browser's perspective, it's because Tor client needs to
refresh/update its data due to TZ changes, and has to reset the initial
connection.
Woozy Song
2023-07-07 05:33:24 UTC
Permalink
Post by Tamborino
[4] Upon rebooting, it first kicks off a 3rd-party taskbar time-zone clock
[5] Which perfectly covers over & replaces the original taskbar clock
[6] Even down to the "Sergoe UI (9pt)" taskbar fonts (I make mine bold)
[7] Such that there is no indication to me of what timezone I'm set to
I'm curious what that taskbar replacement time clock software is.
And how does it correct for the time when the system time zone changes?
Tamborino
2023-07-07 17:25:19 UTC
Permalink
Post by Woozy Song
I'm curious what that taskbar replacement time clock software is.
And how does it correct for the time when the system time zone changes?
The script is by a smart guy named Herbert Kleebauer who wrote it to
randomly switch a Windows machine's time zone for fingerprinting use.

I actually got it from a PC forum but it has his name as the main initial
contributor so I'm not sure which attributes of that batch file to ascribe.

However, what it does is gets called when the PC reboots, and it has code
to avoid the UAC prompt that Windows typically asks for admin commands, and
then right after that avoid-UAC-prompt code is a line to call DS clock.
https://www.dualitysoft.com/dsclock/index.html
"DS Clock is a FREE digital desktop clock that displays variable date
and time information built from the format string.
The program allows you to fully customize its look and feel.
You can select any combination of date and time, including milliseconds,
select time zones, insert any text, pick custom colors and fonts,
set custom sound to play at the top of the hour, half hour,
and quaters, play real Westminster chimes, etc.
DS Clock can synchronize your computer's clock with Atomic Time Servers.
It also allows you to show the tool tip window with upcoming reminders
of HandyPIM and Calendarscope.
Swatch Internet Time and Stopwatches are supported."

By default it won't have the right "Sergoe UI (9pt)" taskbar font and
Windows taskbar color & background but all that's easily set in the app.

Also it has the option to choose from dozens of time servers to get the
right time (it's set to get my time from Boulder Colorado) and it can be
set to any time zone.

Windows also has a taskbar clock that can be set to any time zone too, but
when I tried it, it was too limited in that I only wanted one clock on the
taskbar with only my local time zone for that clock so I decided to leave
it alone.

I have multiple monitors so I can always look at the other monitors to see
what the system time thinks it is but the main monitor shows only local
time.

The beauty of this system is that the script runs upon reboot without
asking any questions and then it randomly changes the time zone all day.

I don't even notice that since no program I use cares what the time zone
is, well, except the Mozilla Firefox Tor Browser - but that's what I ask.

Do you know of any other program other than the Microsoft Firefox Tor
Browser which acts different when the time zone is randomly changing?
Gary R. Schmidt
2023-07-08 11:39:11 UTC
Permalink
On 08/07/2023 03:25, Tamborino wrote:
[SNIP]
Post by Tamborino
Do you know of any other program other than the Microsoft Firefox Tor
Browser which acts different when the time zone is randomly changing?
SSH, as I mentioned previously.
Peter Moylin
2023-07-26 14:26:59 UTC
Permalink
Post by Gary R. Schmidt
Post by Tamborino
Do you know of any other program other than the Microsoft Firefox Tor
Browser which acts different when the time zone is randomly changing?
SSH, as I mentioned previously.
Case in point, try this.
1. Set your clock wrong & go to this site using Firefox/Chrome.
2. https://premierparts.ru/page.php
3. When your time zone is wrong, you'll get the error I see below.

"Your clock is ahead/behind the real clock.
A private connection to premierparts.ru can't be established because
your computer's date and time (Wednesday, July 26, 2023 at 1:17:09 AM)
are incorrect.
NET::ERR_CERT_DATE_INVALID"

Press the gray "Advanced" button on the browser error window.

That will say "To establish a secure connection, your clock needs to be set
correctly. This is because the certificates that websites use to identify
themselves are only valid for specific periods of time. Since your device's
clock is incorrect, Firefox/Chromium cannot verify these certificates."

Press the blue "Update date and time" button on the browser error window.
That will reset your browser clock.

You can do it all from within the browser because the browser is checking.
--
Peter Moylin
Kerr-Mudd, John
2023-07-26 11:51:41 UTC
Permalink
On Wed, 26 Jul 2023 07:26:59 -0700
Peter Moylin <***@moylin.invalid> wrote:
[]
checking.

Are you aware that a well-respected regular poster in another NG's name is
Peter Moylen?

How amazing is that!
--
Bah, and indeed Humbug.
Ken Blake
2023-07-27 13:54:35 UTC
Permalink
On Wed, 26 Jul 2023 12:51:41 +0100, "Kerr-Mudd, John"
Post by Kerr-Mudd, John
On Wed, 26 Jul 2023 07:26:59 -0700
[]
checking.
Are you aware that a well-respected regular poster in another NG's name is
Peter Moylen?
Moylan, not Moylen.

I don't know for sure, but I suspect this Peter Moylin may be a troll,
copying the other Peter's name, and perhaps misspelling it by
accident, just as you did,
Post by Kerr-Mudd, John
How amazing is that!
Loading...