This is frightening. By tracking micro-variations in computer clock speed it's possible to uniquely identify a PC connected to the net, regardless of firewalls, anonymizers, etc. So far, a Ph.D. thesis, but practical implementation can't be far off. Has the NSA had this for a long time? Will someone develop a way to insert random low-level jitter to defeat this?
Posted by mitch@osafoundation.org at March 04, 2005 01:01 PM
Alan Groskurth writes:
There is actually no need to insert 'random, low-level jitter' to defeat programs which track computers by micro-variations in clock speed; you can simply configure your computer to always give exactly the right time. The way to do this is by computing your computer's 'clock skew', and then compensating for it accordingly, effectively eliminating it. This is what the UNIX software package 'clockspeed' does:
http://cr.yp.to/clockspeed.html
From the web page:
"Typical success story: I started clockspeed on one of my Pentium computers at home on 1998-05-05. I ran sntpclock (through a 28.8 dialup line) once on 1998-05-05 and once on 1998-05-30. On 1998-08-22, after no network time input for nearly three months, the clock was just 0.21 seconds off."
Anyways, I hope this helps, and please keep up the good work with Chandler!
Posted by: Mitch Kapor ![[TypeKey Profile Page]](http://blogs.osafoundation.org/mitch/nav-commenters.gif)
at March 18, 2005 08:28 PM