70
edits
Changes
→Clock skew measurements
:Clock skew measurement isn't really a browser issue; it tends to be exposed by the operating system at the TCP level. It would be appropriate to assume that an attacker can obtain 4-6 bits of information about the identity of a host by this method. -- [[User:Pde|Pde]] 02:55, 15 June 2010 (UTC)
:Note also that it's not just clock skew, but also clock precision that can allow for fingerprinting - both in terms of how long certain operations take on a system and in terms of user action. For example, [http://www.scoutanalytics.com/ Scout Analytics] provides software to fingerprint users based on [http://arstechnica.com/tech-policy/news/2010/02/firm-uses-typing-cadence-to-finger-unauthorized-users.ars typing cadence]. One can also imagine tight loops of timed javascript that fingerprint users based on certain resource-intensive calls. One possibility might be to quantize Date values to the second, and then add random, monotonically increasing amounts of milliseconds to subsequent calls during private browsing mode. -- [[User:mikeperry|mikeperry]]
== TCP stack ==
