Its not a good idea to enable timedatectl (or any NTP daemon) by default in Debian Stretch+ because it has negative consequences for privacy and anonymity. The NTP protocol is not secure and can be trivially manipulated by network observers to mount clock skew attacks. NTPS is no better because of the broken SSL CA model. Leaking clock information about a machine can open the way for remote device fingerprinting even if they are anonymous.
The research comes from WhonixOS a privacy centric distro like TAILS. _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
