Is it a security (or privacy) concern to change the time zone in settings on my desktop and on iOS to something other than my local time?
If yes, it is a big security concern and a big no-no?
I recently ran into an issue with 2FA/TOTP code synchronization but if that is the only issue and rare (it seems), I am ok with that, I think.
It should not be a security issue, but could potentially be a privacy issue depending on your threat model.
Ok. I should edit my post to include privacy.
How could it potentially be a privacy issue? Please explain.
I know this isn’t a thread model, but I describe mine as low or average. I just want to protect myself as much as possible from all the pervasive and invasive data collection going on and for surveillance capitalism.
If you have a low-er threat model and are not strictly concerned about anonymous browsing or nation state level surveillance then I can not really articulate a way in which this could be a privacy issue.
Where timezone mismatches could be a privacy issue, from my understanding, is in situations where anonymity is important, and sites/adversaries could potentially de-anonymize users by exposing that the IP region (and local timezone if set independently of the system timezone) does not match the system time zone
Ok. Got it. Thanks!
I had been wondering for sometime if there was a way to make the “System” clock match on android what ever region the VPN exit node is.
I notice I get dinged 15 points for a privacy score if there is a timezone mismatch on this particular website.
Yes, it may prevent you from accessing the Internet due to digital certificates being issued in the future, etc:
Thanks for responding. I will check out that link.
In my case my local time is +1 hr ahead of my system time. Does that change anything/matter, since the certificates would not be from the future?
Quickly scanning that article… I should probably edit my first post since I maybe described it wrong. I maybe did not change the system time but went into Settings - System - Date and Time - Time Zone and changed it there. Maybe the OS is still using the correct local time or UTC and my computer UI shows me the time I change it to. Local -1hr.
Edit: I just check in terminal and using the date command it says the time is the same as the time displayed in my top panel. So I assume the system time is -1 hr from my local time.
Not exactly what you asked for but close
If your timezone incorporates less humans the anonset is less, you are standing out.
macOS by default uses the unencrypted and unauthenticated Network Time Protocol (NTP) for time synchronization.
Thanks! That is a great point!
I forgot…or wasn’t really thinking about the fingerprinting aspect. I will certainly stand out more with the timezone I am using to stay on standard time.
I use Linux not MacOS but I should still probably switch back to my system time being my local time and find another way (the clock app and analog clocks) to stay on standard time.
Still don’t know if it is a big security concern, but as you pointed out it is a fingerprinting and thus privacy concern for sure.