Hi,

it was brought to our attention (thanks Jacob!) that TCP timestamps (net.ipv4.tcp_timestamps) are enabled in Tails, and this might be a problem.

In a nutshell, we're told that the risks that go with the current setting are:

1. The system uptime can be inferred from this information.
2. The system clock can be tracked down to the millisecond.

As far as I understand it, in the context of Tails, this can be done by an attacker who monitors the network somewhere between the attacked Tails system and the Tor entry nodes being used. Right?

I must admit that I did not look closely enough, so in what follows, I'm assuming that this information is not forwarded by the three Tor hops to the other side of the connection. Please correct me if I'm wrong.

Given that such an attacker knows the public IP used by the attacked system anyway, I don't really get why Jacob calls this a "Major privacy info leak". Could you please clarify what exact threat you have in mind?

Off the top of my head, I can think of:

a. Finding out how long a given Tails system has been running: if an attacker in this position got to watch the network (close enough to the attacked system) when it was bootstrapping Tor, then they can learn this too. I'm not overly concerned by this threat.
b. Distinguishing several Tails systems running behind NAT and using the same IP address: I would call this a minor issue, and the same reasoning as in (a) applies.

A very quick web search seems to indicate that disabling TCP timestamps brings its own share of issues: first, disabling TCP timestamps also disables the TCP protection against wrapped sequence numbers mechanism; second, TCP timestamps seem to be a pretty useful performance feature of TCP.

That's why I am reluctant to disable this feature without knowing what exact problem we would solve. I'm all ears :)

Thanks in advance.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
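
An added example, not part of the original message: how the uptime in risk 1 falls out of the TSval field seen by an on-path observer. It assumes a stack whose TSval counts ticks since boot with no per-connection offset; the sample values, the list of candidate tick rates and the function names are constructed for illustration.

```python
from statistics import mean

COMMON_HZ = (100, 250, 300, 1000)  # candidate timestamp clock rates (assumption)
WRAP = 2 ** 32                     # TSval is a 32-bit counter


def unwrap(tsvals):
    """Undo 32-bit wraparound inside the capture so the series is monotonic."""
    out, offset, prev = [], 0, None
    for v in tsvals:
        if prev is not None and v < prev:
            offset += WRAP
        out.append(v + offset)
        prev = v
    return out


def estimate_uptime(samples):
    """samples: [(capture_time_s, tsval), ...] for one host, in capture order.

    Returns (tick_rate_hz, uptime_s_at_last_sample). A wrap that happened
    before the first sample cannot be seen, so the result is a lower bound.
    """
    times = [t for t, _ in samples]
    ticks = unwrap([v for _, v in samples])
    t_bar, k_bar = mean(times), mean(ticks)
    # Least-squares slope of ticks against wall-clock time = ticks per second.
    slope = (sum((t - t_bar) * (k - k_bar) for t, k in zip(times, ticks))
             / sum((t - t_bar) ** 2 for t in times))
    hz = min(COMMON_HZ, key=lambda c: abs(c - slope))
    return hz, ticks[-1] / hz


# Constructed capture: a host booted about one hour before the first packet,
# 250 Hz timestamp clock, +/-1 tick of jitter.
SAMPLES = [(0.0, 900000), (1.5, 900376), (4.0, 900999), (9.0, 902250)]

if __name__ == "__main__":
    hz, uptime = estimate_uptime(SAMPLES)
    print(f"tick rate ~{hz} Hz, uptime ~{uptime / 60:.1f} min")
```

With net.ipv4.tcp_timestamps set to 0 the option is not sent at all, so there is no series to fit.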