March 4, 2005 Archives

digitally watching your digital watch

posted by tom / March 04, 2005

Via Slashdot, check out this article. A UCSD grad student named Tadayoshi Kohno has published an interesting paper outlining a way to fingerprint computers remotely.

The trick is to analyze the timestamps on packets. Like a postmark, timestamps are sometimes applied to outgoing parcels of data to help the routing systems that will carry them work more efficiently: knowing when a message originated can help order it, determine when clogs occur, and otherwise optimize traffic.

The sneaky part is Kohno's realization that these timestamps might reflect a phenomenon called clock drift. See, the crystal in your computer doesn't keep perfect time -- it's more precise than accurate, incrementing by a very reliable amount that is usually somewhat different from the intended amount. As time passes, the clock gets further and further out of sync with "real" time. Thanks to handy software, your clock might resynchronize with an online atomic clock or otherwise be periodically adjusted, but the rate of drift remains fairly constant. Kohno has shown that even though the clock used for timestamps is usually one or more layers abstracted from your system clock, it still reflects the same drift -- regardless of your operating system.

The result is that a system could collect an apparently undifferentiable batch of transmissions from a group of computers, then sort them out by their clock drift. Even if your physical location, IP address, operating system and connection method all change, you can be fingerprinted based on your clock drift. And it can be done from anywhere on the internet.
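To make the drift idea concrete, here is an added example (not from Kohno's paper or the linked article) that estimates drift from timestamp samples with a plain least-squares fit, which is not necessarily the paper's method. The traces are constructed, and the 1000 Hz tick rate, the 4 ms jitter and the 5 ppm matching tolerance are all assumptions.

```python
import random

HZ = 1000  # assumed nominal tick rate of the sender's timestamp clock


def make_trace(true_ppm, start_tick, seed, duration=3600, step=60):
    """Constructed data: (observer_seconds, sender_tick) pairs for one host."""
    rng = random.Random(seed)
    trace = []
    for s in range(0, duration + 1, step):
        # The sender's counter runs fast or slow by true_ppm parts per million.
        tick = start_tick + int(s * HZ * (1 + true_ppm * 1e-6))
        delay = rng.uniform(0.0, 0.004)  # network jitter, up to 4 ms
        trace.append((s + delay, tick))
    return trace


def skew_ppm(trace):
    """Least-squares slope of (sender elapsed - observer elapsed), in ppm."""
    t0, k0 = trace[0]
    xs = [t - t0 for t, _ in trace]
    ys = [(k - k0) / HZ - x for (_, k), x in zip(trace, xs)]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    return sxy / sxx * 1e6


def same_clock(a, b, tol_ppm=5.0):
    """True when two traces drift at the same rate within tol_ppm."""
    return abs(skew_ppm(a) - skew_ppm(b)) <= tol_ppm


# One machine seen twice with unrelated counter offsets (as after a reboot
# or on another network), plus a second machine. All values are constructed.
laptop_home = make_trace(true_ppm=58.0, start_tick=1_000_000, seed=1)
laptop_cafe = make_trace(true_ppm=58.0, start_tick=77_000, seed=2)
desktop = make_trace(true_ppm=-23.0, start_tick=5_000_000, seed=3)

if __name__ == "__main__":
    for name, tr in [("laptop_home", laptop_home),
                     ("laptop_cafe", laptop_cafe), ("desktop", desktop)]:
        print(f"{name}: {skew_ppm(tr):+.1f} ppm")
```

The absolute counter value and the address never enter the fit; only the slope does, which is why changing networks does not change the result while removing the timestamps does.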

Time to start furiously deleting those naughty BitTorrent downloads? Well, not yet. The process only extracts six bits of significant data -- get a crowd of more than 60-some computers together and some of the clock drifts will be statistically identical. Still, you can bet the NSA and other internet boogeymen are paying attention to this: as a supplemental means of identification, it could be pretty useful for tying together seemingly unconnected pieces of evidence, as if a series of mailbombs with varying postmarks were suddenly all found to be addressed in the same handwriting.

The real fix would be to drop the timestamps -- they're not a mandatory part of the TCP/IP spec. I'm sure some paranoid open source hackers will roll out a Linux distro that does just that, but it seems unlikely that Microsoft and Apple will see any value in doing so. A more likely mainstream fix? Someone will write a little system-tray app that constantly jiggers your clock by a few fractions of a millisecond. Keep your darting eyes peeled, my friends.

happy birthday charles!

posted by tom / March 04, 2005 / 1 comment /

For those somehow unaware, Charles is Catherine's and my roommate. And today's his twenty-fifth birthday! Wow. Sniff -- they grow up so fast. It's hard to believe it's been a whole year since the last time I bought Charles drinks until he threw up. I guess that'll make tonight a trip down memory lane.

It's nice to have traditions.
