grarpamp: >> Why don't we propose a clean solution for this time mess anyway? > > Is this that big of a deal? If a would be Tor user doesn't know > what time it is and/or can't set their clock manually, they've got > bigger issues to worry about. > > And given 90% of these users use windows, they're set via ntp by > default (or rooted via other means) already.
Yes, it's a big deal. First time asked "System time in anonymity oriented LiveCDs". [1] We can't solve the problems with Windows and compromised Windows machines. This solution is needed for pepole who really care about security / anonymity. People who are interested in Tails, Liberte Linux or aos. These projects are interested in a solution. Setting time manually is really inconvinient. > In fact, since afaik Tor's entire trust is based on what the top > level dir auths say, There is a ticket from a Tor dev to change this. > all other nodes besides auths likely have no need to consider > time... just sigs. Even auths might not need to either... rather, > just publish good timestamps for recordkeeping (exonerator, stats, > etc) is all. Time is important. Since (for example) javascript can read it, an adversary controlled time skew can de-anonymize. Also read Steven J. Murdoch's paper about clock skew. Good for introduction as well. [2] > Last, is using Tails (or any OS for that matter) somehow going to > get you more blocked than blocked (or dead than dead) than for > already using Tor? Doubt it. What do you want to say with more blocked than blocked? I doubt Tails is dead given the number of users and dev activity. [1] https://lists.torproject.org/pipermail/tor-talk/2011-January/008849.html [2] https://tails.boum.org/contribute/design/Time_syncing/ _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk