[Whonix-devel] SecureDrop

Patrick Schleizer adrelanos at riseup.net
Thu Feb 5 15:46:21 CET 2015

Hello, I a developer of an anonymity centric distribution. Similar to
TAILS but optimized for virtual machines. The Whonix Project.

In the same way, we need to use a source to calibrate our system clock.
That isn't NTP, for one because NTP uses UDP and the Tor network does
not support UDP and a few other reasons. The way this is done at the
moment is to fetch HTTP headers over SSL from trusted servers and use
the timestamp data at the time.

We wanted to get rid of SSL and make use of the strong security
properties of Tor's end to end encryption for Hidden Services to
safeguard against clearnet SSL man in the middle attacks, that are
within reach of powerful adversaries at the moment.

We are asking permission to use your SecureDrop Hidden Service instances
as one of our time sources.

We are going to add multiple trustworthy hidden services to the list for
redundancy and to distribute the load. Our estimated user base is 5000.
The requests will only involve fetching a HTTP header from your server.

By replying to this e-mail, your answer will be posted on the
whonix-devel public mailing list. Please let us know if this use case is
alright with your SecureDrop Hidden Service instance.


More information about the Whonix-devel mailing list