[Tails-dev] onion-grater fix Tor control auth cookie authentication even if HashedControlPassword is set

Hi! https://github.com/Whonix/onion-grater/commit/70e735dae1c15920c356b07fc6aaf4b9589b465a Please review and merge. The more I think about it, perhaps we could abolish DEFAULT_COOKIE_PATH = '/run/tor/control.authcookie' altogether? PROTOCOLINFO tells controllers (like stem) where the cookie

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix? - \n -> \r\n fix

Hi, could you please add this trivial fix? https://github.com/Whonix/control-port-filter-python/commit/30c1de54f9feaa26464842241e217be6edf3b464 (fixes txtorcon compatibility) Cheers, Patrick [1] https://github.com/meejah/txtorcon/issues/215#issuecomment-290277209

[Tails-dev] onion-grater sd-notify support

Hi! Please reviewer and merge into onion-grater. https://github.com/adrelanos/onion-grater-remote.git branch: sd-notify https://github.com/adrelanos/onion-grater-remote/tree/sd-notify Cheers, Patrick ___ Tails-dev mailing list Tails-dev@boum.org

Re: [Tails-dev] [tor-dev] GSOC 2017: Proposal for anon-connection-wizard

anonym: > irykoon: >> Currently, the Tor Launcher is shipped with the Tor Browser Bundle >> and heavily relies on the Tor Browser for its implementation. These >> facts cause using Tor Launcher without having the Tor Browser >> impossible. I agree with the wh

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

Happy to report, that tor-controlport-filter learned sd_notify, now got support for systemd's watchdog feature. Using python3-sdnotify from packages.debian.org. To be found in git master. Git commits, test results can be found here. https://phabricator.whonix.org/T274#12423

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >> Patch by Joy. Otherwise it does not work for us. Do you think you could >> merge this patch? > > No; the "match-"-prefix was intentionally dropped, so please `s/match-//g` in > all your scripts and filter files. > > Chee

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

Patch by Joy. Otherwise it does not work for us. Do you think you could merge this patch? https://github.com/joysn/control-port-filter-python/commit/6f488c14980e8b5c58a42374649c4d5725c8296e#diff-7414879ce81f5586d790820540d0ca05 Best regards, Patrick

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

ke: >> >> - #!/usr/bin/python3 -u (makes eventual python exceptions and up in >> journal) - Use yml.safe_load and Python exceptions in journalctl - >> add --listen_interface option > > These were the commits I imported. > Great! anonym: > Patrick Schleizer: &g

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

Hello anonym! anonym: > Feel free to send a PR with your other > changes applied to tor-controlport-filter in Tails Git! > Otherwise > I'll do it myself later this week. Joy rebased Whonix's changes on top of your new version. base:

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

>> Noticed one incompatibility.>> >> https://github.com/HelloZeroNet/ZeroNet/issues/756 >> >> https://github.com/Whonix/control-port-filter-python/blob/master/usr/share/tor-controlport-filter/examples/40_zeronet.yml anonym sorted that out by fixing a bug in ZeroNet.

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >> [override] will probably work for Whonix. Joy and me drafted a >> plan. >> >> In one sentence: We at Whonix invent a new a separate config >> folder, parse it with a yml merger python script, and generate >> another yml f

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

Hi! [override] will probably work for Whonix. Joy and me drafted a plan. In one sentence: We at Whonix invent a new a separate config folder, parse it with a yml merger python script, and generate another yml file that gets passed to tor-controlport-filter by Tails. In more detail: - We'll at

Re: [Tails-dev] [Whonix-devel] Tails control port filter proxy in Whonix?

anonym: > Yay! Let's try to make this fork short-lived! Yes! :) > Note that Tails' version has changed quite a lot since you forked -- please try to keep your fork delta minimal (i.e. only do what *must* be done)! Our diff of the filter is quite mergable, I guess. In summary: - filters =

Re: [Tails-dev] Tails control port filter proxy in Whonix?

Noticed one incompatibility. ZeroNet uses custom code rather than python-stem to talk to Tor control protocol. It's line handling works with original Tor, but not with the filter. https://github.com/HelloZeroNet/ZeroNet/issues/756

Re: [Tails-dev] Tails control port filter proxy in Whonix?

Whonix has forked tor-controlport-filter by Tails. https://github.com/Whonix/control-port-filter-python Whonix is using a different configuration parser. This is now documented in details here: https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy/tor-controlport-filter/config Best

Re: [Tails-dev] Tails control port filter proxy in Whonix?

Happy to report, that a few profiles have been successfully written. That are using Whonix forked config parsing code. They are now living here: - https://github.com/Whonix/control-port-filter-python/tree/master/usr/share/tor-controlport-filter/examples There is one for onionshare, one for

[Tails-dev] future of tor-launcher? - Firefox XPCOM / XUL based add-ons deprecation

Hi, XPCOM / XUL based add-ons will be deprecated in Firefox. [1] I've searched trac, mailing list, irc logs... I know you are aware of that, but haven't found your plan forward. Is there already one? What are your plans regarding tor-launcher? Will tor-launcher be ported over as Firefox

Re: [Tails-dev] Tails control port filter proxy in Whonix?

Patrick Schleizer: > anonym: >> Patrick Schleizer: >>> anonym: >>> About the packaging. If you like the genmkfile way to package things, I >>> could also do the packaging. Only disadvantage would be an extra >>> dependency on genmkfile. >>> &g

Re: [Tails-dev] Tails control port filter proxy in Whonix?

Hi, it's now packaged and lintian pedantic clean. The package should be generic (work in Whonix and Tails at the same time) for the most part. The missing part is Tails' config files. Since I don't know if you want to actually use that package, I skipped Tails' config files and just dropped

[Tails-dev] Fwd: [tbb-dev] Tor Browser and Targeted RAM Bit-Flips

Forwarded Message Subject: [tbb-dev] Tor Browser and Targeted RAM Bit-Flips Date: Fri, 18 Nov 2016 10:16:47 +1100 From: teor Reply-To: discussion regarding Tor Browser Bundle development To: tbb-...@lists.torproject.org Hi Mike

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >> anonym: >>> Patrick Schleizer: >>>> Where I need to correct myself. The injected IP is probably difficult to >>>> add to a config file since IPs in Qubes will remain dynamic for some >>>> qui

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >> Where I need to correct myself. The injected IP is probably difficult to >> add to a config file since IPs in Qubes will remain dynamic for some >> quite some time until Qubes 4.0. We'd need something like this. >> >> ADD_ONI

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >> That crashes the filter for me. > > Argh, I meant: > > GETINFO: > - pattern: 'net/listeners/socks' > response: > - pattern: '250-net/listeners/socks=".*"' > replacemen

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >>>> - https://phabricator.whonix.org/T564 >>> >>> I'd need more details of what the idea is here. >> >> Prevent (in case of some bug or compromise) that more than X hidden >> services are created. The number of

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >> Hi there, >> >> sorry for the delay, I got side tracked with other stuff. >> >> My first and summary impression is, that this is looking excellent! > > \o/ > >> ./tor-controlport-filter --listen-address 9052 >&

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > Patrick Schleizer: >>>>>> - https://phabricator.whonix.org/T564 >>>> >>>> Protecting cpfpy from DDOS from client applications. Not sure that >>>> matters for Tails? >>> >>> We do not do much specific here. Wha

Re: [Tails-dev] Tails control port filter proxy in Whonix?

anonym: > https://tails.boum.org/news/report_2016_09/#index2h1 > > and look at the documentation at the top of the script, and the filter > rules we ship to get an idea of what it can do. > As you can see, in Tails we use match-exe-paths and match-users a lot, > but since you won't have

Re: [Tails-dev] Tails control port filter proxy in Whonix?

> [...] >> In conclusion, I think the truth is that Whonix switching to our filter >> will require some work to reach feature-parity with you current filter, >> and you will not really gain anything by doing so except code sharing. >> YMMV. That said, I'd happily implement match-hosts and the two

Re: [Tails-dev] Tails control port filter proxy in Whonix?

Hi there, sorry for the delay, I got side tracked with other stuff. My first and summary impression is, that this is looking excellent! ./tor-controlport-filter --listen-address 9052 Tor control port filter started, listening on 9052:9051 Do you see any reason in Whonix not to use the

[Tails-dev] Tails HSTS website error - was: Tails control port filter proxy in Whonix?

> https://git.tails.boum.org/tails/tree/config/chroot_local-includes/usr/local/lib/tor-controlport-filter?h=feature/7870-include_onionshare When I visit that link, I cannot proceed. > Your connection is not secure > > The owner of git.tails.boum.org has configured their website improperly. To

[Tails-dev] Tails control port filter proxy in Whonix?

Hi, as discussed elsewhere, yes, it would be great if we could share code bases! Does it support simultaneous connections? (Such as two applications using ephemeral Tor hidden services plus Tor Browser at once.) Does Tails control port filter proxy support events? I mean, can a client

Re: [Tails-dev] Tails template for Qubes

sajolida: > I just wanted to let you know that people from Qubes started a ticket > about having a Tails template for Qubes. I never used Qubes myself and > barely understand what this means but I'll follow the ticket and maybe > others interested in Qubes should do to: DrWhax, anonym? > >

Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions

intrigeri: > Hi, > > I've just stumbled upon an issue [1] open by Jake on Subgraph OS bug > tracker, about this topic, so I thought I would close this thread > that's still lying in my inbox, and sum up the process that lead us to > a (not implemented) conclusion. > > Last time we discussed it

Re: [Tails-dev] [Secure Desktops] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

Network Manager etc. 3) Now, Tails would remember FreeWifi358235892435 and assign entry guard B. intrigeri: > Hi, > > Patrick Schleizer wrote (09 Feb 2016 23:42:22 GMT) : >> intrigeri: >>> [can you please decide what mailing-list this discussion should happen >>>

Re: [Tails-dev] Tails htpdate - why use time information from neutral and foe pools?

Patrick Schleizer: > intrigeri wrote: >>> I can't think of another area in which asking a hostile for advice is a >>> good idea. Maybe "if friend and foe both agree, you can be confident >>> that they're right; if they disagree, look further" - but th

Re: [Tails-dev] [Secure Desktops] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

[quoting you in full since this mail was eaten by the whonix-devel list for some reason even though I manually allowed it] intrigeri: > Hi, > > [can you please decide what mailing-list this discussion should happen > on, and then we can stop cross-posting over 4 mailing-list?]

[Tails-dev] Persistent Tor start in Tails vs location aware Tor entry guards (LATEG)

sajolida: > https://tails.boum.org/blueprint/persistent_Tor_state/ Persistent Tor state would be a good improvement. Could be the first iteration. It would make Tails less fingerprintable and more secure for people staying in the same location and/or not carding about AdvGoalTracking. But

[Tails-dev] Avoiding real MAC address in Tails macchanger being harmful?

Tails does verify, that randomly chosen MAC does not equal the real MAC by chance. >From tails-spoof-mac [1] (code: [A]) > # There is a 1/2^24 chance macchanger will randomly pick the real MAC > # address. We try to making it really unlikely repeating it up to > # three times. Theoretically

[Tails-dev] MAC changer "blend into the crowd" by only using common manufacturer MAC (OUI part) addresses broken by design?

Tails' current implementation... only spoof the NIC part: yes [1] OUI part unchanged: yes [2] quu9ohch [1]: > [...] It is not possible to "blend into the crowd" with a "typical-looking" mac address when so many users allow themselves to be uniquely fingerprinted and tracked. The tradeoff of

[Tails-dev] Tails: Protect against fingerprinting via active Wi-Fi networks probing implemented?

Active probe fingerprinting https://tails.boum.org/contribute/design/MAC_address/#index6h1 says, No - "No protection against this is implemented yet". but https://labs.riseup.net/code/issues/6453 says "yes", 100 % done. Please confirm, which one it is. What happened to

Re: [Tails-dev] Tails fails to run inside Qubes OS

intrigeri: > If you really tried Tails 1.6, then I suggest you retry with > a Jessie-based experimental build: > > http://nightly.tails.boum.org/build_Tails_ISO_feature-jessie/lastSuccessful/archive/ Tried. - It's not affected by the X issue. Boots up without `vga=`. - Mouse does not work in

Re: [Tails-dev] Tails fails to run inside Qubes OS

intrigeri: > It would be good to know what version of Tails you tried, because the > bug report is self-contradicting ("I've downloaded Tails 1.6. > Stored in my iso-download (debian-8 based) AppVM"). Really was Tails 1.6. Austin English: > I don't think it's self contradicting. debian-8 based

Re: [Tails-dev] redmine watch button broken

u: > Hi Patrick, > > Patrick Schleizer: >> When I go to https://labs.riseup.net/code/issues/5606 and press 'watch', >> it redirects to >> https://labs.riseup.net/code/watchers/watch?object_id=5606_type=issue >> and I am getting the following erro

[Tails-dev] redmine watch button broken

Hi! When I go to https://labs.riseup.net/code/issues/5606 and press 'watch', it redirects to https://labs.riseup.net/code/watchers/watch?object_id=5606_type=issue and I am getting the following error message. > Page not found > > The page you were trying to access doesn't exist or has been

[Tails-dev] Tails fails to run inside Qubes OS

Hi! For some reason I cannot answer to any Tails redmine tickets. So here is my test report of Tails inside Qubes OS. I've downloaded Tails 1.6. Stored in my iso-download (debian-8 based) AppVM. Then followed the https://www.qubes-os.org/en/doc/hvm-create/ instructions. Initially Tails boots.

[Tails-dev] Can TCP Sequence Numbers leak System Clock?

Hi! Is it possible to derive and/or estimate the system clock by observing TCP sequence numbers? Jacob Appelbaum [1]: In the Linux kernel, TCP Sequence numbers embed the system clock and then hash it. Yet another way to leak the system clock to the network. As I understand the paper 'An

[Tails-dev] entropy mixing: rngd vs haveged

Hi David! Could you follow up intrigeri's questions on this ticket please? https://labs.riseup.net/code/issues/5650 Cheers, Patrick ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this

[Tails-dev] Announcing control-port-filter-python - a fork of tor-controlport-filter by Tails

Dear Tails developers, I would like to inform you about the existence of control-port-filter-python, a fork of tor-controlport-filter by Tails. Improvements: * Supports parallel connections. * Configurable by dropping .d-style configuration snippets into /etc/cpfpy.d. I.e. whitelist can be

Re: [Tails-dev] keeping up with pluggable transports by using TBB's Tor and tor-launcher

Hi! intrigeri wrote: Hi, Patrick Schleizer wrote (21 Nov 2014 15:17:08 GMT) : intrigeri wrote: Patrick Schleizer wrote (15 Nov 2014 15:38:09 GMT) : Unless I'm mistaken, the server-side of these PTs needs to be in Debian anyway, so that people running Debian-based distros can actually

Re: [Tails-dev] keeping up with pluggable transports by using TBB's Tor and tor-launcher

Hi! intrigeri wrote: Hi, Patrick Schleizer wrote (15 Nov 2014 15:38:09 GMT) : Idea: - Come with a recent release of original TBB from TPO installed by default with every new release of Tails/Whonix. - Use the TBB, tor-launcher add-on and pluggable transports from TBB as the new

Re: [Tails-dev] Tails htpdate - why use time information from neutral and foe pools?

intrigeri wrote: I can't think of another area in which asking a hostile for advice is a good idea. Maybe if friend and foe both agree, you can be confident that they're right; if they disagree, look further - but that's not what Tails htpdate is doing. Indeed, it should probably discard

[Tails-dev] keeping up with pluggable transports by using TBB's Tor and tor-launcher

Hi! intrigeri wrote: [...] Still, the landscape of pluggable transports is quickly evolving, and indeed we have a hard time staying on top of things in this area. [...] I think it will be simply impossible to keep up with pluggable transports. We at Whonix are facing the same issue. Idea:

Re: [Tails-dev] git (submodule) security

boyska wrote: On Sat, Nov 01, 2014 at 08:07:04AM +, Patrick Schleizer wrote: By chance I found https://github.com/boyska/git-verify repo. hey, that's me :P That's why I explicitly added you to cc. :) At Whonix we're currently discussing various aspects of git security. Especially since

[Tails-dev] git (submodule) security

Hi! By chance I found https://github.com/boyska/git-verify repo. At Whonix we're currently discussing various aspects of git security. Especially since git still uses SHA-1 and if git (submodule) verification is safe against adversaries, that can produce SHA-1 collisions. I was wondering, if

[Tails-dev] TCP Sequence Numbers leak System Clock

Hi, you might be interested in this: https://twitter.com/ioerror/status/509159304323416064 Why could it be relevant? Tor Browser (and other applications?) leak the system clock in default settings [1]. At the same time, the system clock leaks to ISP level observers through TCP sequence numbers.

Re: [Tails-dev] I2P Tails 1.2 (0.9.15, browser, network-manager)

I2P-browser === I got a bit of work done for the separate browser for use with I2P, based upon the unsafe-browser script. I haven't pushed it anywhere yet, but will do once I do a bit more testing with it. (ticket #7725) Great! Note that this code probably depends on what browser

[Tails-dev] meek debian packaging brainstorming

Hi, as you may already know, meek [1] is a pluggable transport. Quite a convenient one for TBB users. They don't even have to obtain bridges and it just works out of the box. I've recently posted a feature request for packaging it for Debian. [2] Unfortunately it won't be that simple because it

Re: [Tails-dev] [Freepto] (senza oggetto)

Hi! intrigeri: [sorry for the late reply. any reason to drop most addresses from the Cc list?] Sorry, mistake. Patrick Schleizer wrote (03 Jul 2014 14:55:57 GMT) : I am currently working on splitting Whonix into multiple packages. Having ability to be used by other privacy distributions

Re: [Tails-dev] [Freepto] (senza oggetto)

Hi! u: I'd be glad to help with some packaging. Cool! Please also look through the one or two lines package summaries. Then we may discuss packages that are of interest to you. :) Some of the stuff i see in that list could probably be integrated into existing packages (AppArmor profiles)

[Tails-dev] Tails htpdate - why use time information from neutral and foe pools?

Hi! I've got a question for Tails' design regarding to HTP source pools [1]. [...] The HTP pools used by Tails are based on stable and reliable webservers that get great amounts of traffic. They are categorized into three different pools according to their members' relationship to the members

Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions

Hi! sajol...@pimienta.org: Note that in the case of Tails, we recommend our users against doing this. Which is mix different identities in a same working session: https://tails.boum.org/doc/about/warning/#index8h1 Whonix has a similar warning:

Re: [Tails-dev] Why OnionCat + Mumble - why not just Mumble?

ban...@openmailbox.org: Here is what Bernhard says about authentication: https://www.whonix.org/w/index.php?title=OnionCatstable=0shownotice=1fromsection=Security#Security Alternative links: - https://www.whonix.org/wiki/OnionCat#Security - http://www.webcitation.org/6Rv71smMB

Re: [Tails-dev] [Freepto] Let's share username, /etc/hostname and /etc/host among all anonymity distributions

Hi! intrigeri: I'm coming back on the shared username/hostname thing, that was rediscussed a bit lately, with input from Freepto and pointers to Subgraph OS code, on a Tails ticket: https://labs.riseup.net/code/issues/5655 As you can see in my comment #6 there, it's unclear to me

Re: [Tails-dev] Why OnionCat + Mumble - why not just Mumble?

intrigeri: Patrick Schleizer wrote (05 Aug 2014 02:04:30 GMT) : Mumble has a TCP mode. Why involve QnionCat? Without involving Tor Hidden Services, Well, with OnionCat you must involve Tor Hidden Services as well? how do you initiate a peer-to-peer conversation between two Tails users

Re: [Tails-dev] How to seed urandom (or not)?

coderman: tls-tor-random to torproject What do you mean by that? ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.

[Tails-dev] Why OnionCat + Mumble - why not just Mumble?

Hi! Quote https://tails.boum.org/blueprint/VoIP_support/ : Preliminary testing showed OnionCat + Mumble to be a working and relatively easy to setup Tor-enabled VoIP solution; the 1/2s - 1s delay is only slightly annoying. Why OnionCat + Mumble - why not just Mumble? Mumble has a TCP mode.

Re: [Tails-dev] How to seed urandom (or not)?

intrigeri: 2. drop the publicly known value = urandom is seeded by date +%s.%N only If you are going that route, would it make sense to drop the dot in date +%s%N as well to remove another publicly known value? ___ Tails-dev mailing list

Re: [Tails-dev] [review'n'merge:1.2] feature/6579-disable-tcp-timestamps [Was: Risks of enabled/disabled TCP timestamps?]

Hi, I haven't found the commit where you actually added /etc/sysctl.d/tcp_timestamps.conf. Does this implementation involve anything besides /etc/sysctl.d/tcp_timestamps.conf? http://www.tmltechnologies.com/html-2012/index.php/linux-rescue-kits/82-secret/91-disable-tcp-timestamps-on-linux

Re: [Tails-dev] Post-backbone collaboration

either way. The feature Share username and hostname amongst all anonymity has been implemented as a Debian package: https://github.com/Whonix/anon-base-files All the best, Patrick Schleizer (a maintainer of the Whonix privacy distribution) ___ Tails-dev

Re: [Tails-dev] Firefox extension for downloading Tails

While you're at it, would it be a lot more effort to make it a generic download extension? I certainly enjoyed to have this issue that many software projects suffer from solved in a generic way. Otherwise it might get forked some day to have a download extension for gpg, TBB, Whonix, etc.? :)

Re: [Tails-dev] Sharing wiperam package between Freepto and Tails?

intrigeri: @Patrick: why is the build-dep on config-package-dev versionned to 0.5.1? Isn't Wheezy's 4.13 good enough for our needs? (Worst case, we can fetch 0.5.1 from wheezy-backports, but still :) Even it has been obsoleted by now, I like answering it maybe for the future. wheezy:

Re: [Tails-dev] Sharing wiperam package between Freepto and Tails?

Hi! = news = Did some work on this... Link: https://github.com/adrelanos/wiperamFreepto Package builds fine. ./build script produces deterministic wiperam_0.1.orig.tar.gz, wiperam_0.1-1_all.deb and wiperam_0.1-1.debian.tar.gz. Package installation and actual functionality untested. =

Re: [Tails-dev] Sharing wiperam package between Freepto and Tails?

Hi! Terrific! I also would like to see this getting packaged and ideally even entering Debian. Maybe I can help a bit packaging it. I advise against directly using dpkg-divert for config file diversions. That may cause issues later when attempting to upgrade the package. In my opinion

[Tails-dev] dead link

Hi! Quick one.. Here: https://tails.boum.org/contribute/design/#index42h3 Is: https://git-tails.immerda.ch/tails/plain/config/chroot_local-includes/lib/live/config/201-pidgin Should be: https://git-tails.immerda.ch/tails/tree/config/chroot_local-includes/lib/live/config/2010-pidgin Cheers,

Re: [Tails-dev] Risks of enabled/disabled TCP timestamps?

Hi, TCP timestamps are created using the systems clock, is that correct? Would it make sense to, - when Tails starts: save system clock - before Tor starts: randomize system clock (+/- a random amount of milliseconds [and seconds?]) - when Tails is shut down: undo system clock randomization ?