timedatectl Should Not be Enabled by Default: Privacy/Anonymity risks

[intrigeri]

Hi,

bancfc wrote (26 Jul 2015 18:19:59 GMT) :
> The research comes from WhonixOS a privacy centric distro like TAILS.

For the record, this does not imply any position from Tails regarding
this topic: the Tails threat model generally does not apply as-is
to Debian.

Also, it would be good to describe what exact threat model you see
timedatectl as a security/privacy problem, so Debian has the data to evaluate
if/how its default installation settings behave in that context:
looking at one single potential issue in isolation does not make much
sense to me, if there are potentially dozens of other ways for an
attacker to do what they want. Thanks in advance!

To end with, I'm wondering whether this email is really
about timesyncd.

Cheers,
-- 
intrigeri