url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Warning: The system clock inside Kicksecure is set to UTC to prevent against time zone leaks. This means it may be a few hours ahead or behind the user's host system clock. It is strongly recommended not to change this setting.

Warnings Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Warnings Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Warnings|Warnings]]
Copy as Wikitext Click = Copy Copied to clipboard! [Warnings](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Warnings)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Warnings](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Warnings)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Warnings]Warnings[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

A reasonably accurate host clock is crucially important. An inaccurate clock can lead to:

A) Broken internet connectivity, and
B) Time Attacks.

Therefore, at all times it is recommended to have a host clock with accuracy of up to ± 30 minutes. Clocks that are days, weeks, months or even years slow or fast can lead to many issues such as connectivity problems with Tor, inability to download operating system upgrades and inaccessible websites. ^[1]

Follow the platform-specific recommendations below to avoid Tor connectivity problems and to limit possible adverse anonymity impacts.

All Platforms Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#All_Platforms Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#All_Platforms|All Platforms]]
Copy as Wikitext Click = Copy Copied to clipboard! [All Platforms](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#All_Platforms)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [All Platforms](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#All_Platforms)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#All_Platforms]All Platforms[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

To protect against time zone leaks, the system clock inside Kicksecure is set to UTC. This means it may be a few hours before or ahead of your host system clock. Do not change this setting!

If the host clock (in UTC! ^[2] ^[3]) is more than 1 hour in the past or more than 3 hours in the future, Tor cannot connect. In this case, manually fix the host clock by right-clicking on it, and also check for an empty battery. Then, power off and power on the Kicksecure (kicksecure) and Tor should be able to reconnect.

Easy instructions Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Easy_instructions Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Easy_instructions|Easy instructions]]
Copy as Wikitext Click = Copy Copied to clipboard! [Easy instructions](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Easy_instructions)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Easy instructions](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Easy_instructions)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Easy_instructions]Easy instructions[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Kicksecure: It is strongly discouraged to use the pause / suspend / save / hibernate features.

Template:Q project name: It is strongly discouraged to use the pause feature of Qube Manager, but it is is safe to use the suspend or hibernate feature of dom0.

Advanced instructions Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Advanced_instructions Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Advanced_instructions|Advanced instructions]]
Copy as Wikitext Click = Copy Copied to clipboard! [Advanced instructions](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Advanced_instructions)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Advanced instructions](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Advanced_instructions)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Advanced_instructions]Advanced instructions[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

If you are interested in using the pause / suspend / save / hibernate features, please click the expand button for further instructions.

Restart sdwdate Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Restart_sdwdate Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Restart_sdwdate|Restart sdwdate]]
Copy as Wikitext Click = Copy Copied to clipboard! [Restart sdwdate](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Restart_sdwdate)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Restart sdwdate](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Restart_sdwdate)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Restart_sdwdate]Restart sdwdate[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

To restart sdwdate.

Start Menu → Applications → System → Time Synchronization Monitor (sdwdate-gui) → restart sdwdate

Or in a terminal. ^[8]

Click = Copy Copied to clipboard! sudo /usr/lib/sdwdate/restart_fresh

Manually Set Clock Time and Date Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Manually_Set_Clock_Time_and_Date Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Manually_Set_Clock_Time_and_Date|Manually Set Clock Time and Date]]
Copy as Wikitext Click = Copy Copied to clipboard! [Manually Set Clock Time and Date](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Manually_Set_Clock_Time_and_Date)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Manually Set Clock Time and Date](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Manually_Set_Clock_Time_and_Date)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Manually_Set_Clock_Time_and_Date]Manually Set Clock Time and Date[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Usually not required.

In case sdwdate fails to properly randomize the system clock, it is possible to manually set a random value.

The first step should be completed on the host to ensure the host clock is set to the correct time.

1. On the host ([[Kicksecure-Qubes|Template:Q project name]]: dom0), run the following command to report the time in UTC.

Click = Copy Copied to clipboard! date -u

The output should be similar to the following. ^[9]

Click = Copy Copied to clipboard! Apr 09 23:21:44 UTC 2025

2. Set the correct time in Kicksecure (kicksecure).

Run the following command with the correct date and time parameters. ^[10] ^[11]

clock-random-manual-gui: a randomized clock setting (in UTC) is entered via a GUI.
clock-random-manual-cli: a randomized clock setting (in UTC) is entered on the command line. For example ^[12]:

Click = Copy Copied to clipboard! echo "Apr 09 23:21:44 UTC 2025" | sudo clock-random-manual-cli

3. Restart sdwdate.

Click = Copy Copied to clipboard! sudo service sdwdate restart

4. If Tor is still not functional, try restarting Tor.

Click = Copy Copied to clipboard! sudo service tor restart

Tor should work once correct clock values are set, but that can be manually tested with systemcheck.

Block Networking until sdwdate Finishes Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Block_Networking_until_sdwdate_Finishes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Block_Networking_until_sdwdate_Finishes|Block Networking until sdwdate Finishes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Block Networking until sdwdate Finishes](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Block_Networking_until_sdwdate_Finishes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Block Networking until sdwdate Finishes](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Block_Networking_until_sdwdate_Finishes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Block_Networking_until_sdwdate_Finishes]Block Networking until sdwdate Finishes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

sdwdate is a Tor-friendly replacement for rdate and ntpdate that sets the system's clock by communicating via end-to-end encrypted TCP with Tor onion webservers. Since timekeeping is crucial for security and anonymity, blocking network access until sdwdate succeeds is sensible. ^[13]

sdwdate is functional on both Kicksecure and Kicksecure, but in some cases it is possible for the time to leak before it is changed. Potential leak channels include time or other servers, daemons, and client programs such as Tor Browser which are used before sdwdate successfully finishes. ^[14] In this case, the user is only left with the protections afforded by Boot Clock Randomization. ^[15]

Inside Kicksecure and Kicksecure.

([[Qubes|Template:Q project name]]: It is the easiest to apply changes in the Kicksecure and Kicksecure TemplateVMs since these settings will be inherited by all TemplateBasedVMs. Alternatively, apply this setting in TemplateBasedVMs, see footnote. ^[16])

1. Edit the Kicksecure firewall configuration.

In both Kicksecure (kicksecure-17) and Kicksecure (kicksecure-17), run.

Open file /etc/whonix_firewall.d/50_user.conf in an editor with root rights.

See Open File with Root Rights for detailed instructions on why to use sudoedit for better security and how to use it.

Note: Mousepad (or the chosen text editor) must be closed before running the sudoedit command.

Click = Copy Copied to clipboard! sudoedit /etc/whonix_firewall.d/50_user.conf

NOTES:

When using Kicksecure-Qubes, this needs to be done inside the Template.

Click = Copy Copied to clipboard! sudoedit /etc/whonix_firewall.d/50_user.conf

After applying this change, shutdown the Template.
All App Qubes based on the Template need to be restarted if they were already running.
This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.

This is just an example. Other tools could achieve the same goal.
If this example does not work for you or if you are not using Kicksecure, please refer to this link.

Click = Copy Copied to clipboard! sudoedit /etc/whonix_firewall.d/50_user.conf

2. Copy and paste the following text.

Click = Copy Copied to clipboard! firewall_mode=

3. Save the file and reboot.

4. Have the changes take effect.

Template:Non q project name: restart Kicksecure and Kicksecure.
Template:Q project name: shutdown the Kicksecure (kicksecure-17) and Kicksecure (kicksecure-17) TemplateVMs and restart the TemplateBasedVMs (kicksecure and kicksecure).

NTP Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#NTP|NTP]]
Copy as Wikitext Click = Copy Copied to clipboard! [NTP](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [NTP](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP]NTP[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Disabling NTP Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Disabling_NTP Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Disabling_NTP|Disabling NTP]]
Copy as Wikitext Click = Copy Copied to clipboard! [Disabling NTP](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Disabling_NTP)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Disabling NTP](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Disabling_NTP)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Disabling_NTP]Disabling NTP[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

If ISP tampering with NTP is ever confirmed, users are advised to disable NTP and manually update the host clock out-of-band. For example, a watch or atomic clock can be used for this purpose. If the tampering is targeted and not a widescale attack, then the user already has much bigger problems to worry about than NTP; see Confirmation Attacks.

If following the advice above -- disabling NTP on the host and adjusting the clock out-of-band -- be aware that clearnet traffic might be easier to fingerprint. ^[17] The reason is that it introduces a device issuing clearnet traffic (such as OS updates), but without the use of NTP. It is unknown how many people have NTP which is deactivated, broken, uninstalled, or never in fact installed in the first place. Also unknown is how many people are using alternative time synchronization methods such as authenticated NTP, tails_htp, tlsdate, sdwdate or similar. However, search engine research suggests that very few people fall into both these categories.

NTP Issues Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP_Issues Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#NTP_Issues|NTP Issues]]
Copy as Wikitext Click = Copy Copied to clipboard! [NTP Issues](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP_Issues)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [NTP Issues](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP_Issues)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#NTP_Issues]NTP Issues[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

The host system clock synchronization mechanism still uses unauthenticated NTP from a single source. This is not optimal, but there is no real solution to this problem. ^[18] A potential attack vector is created by this NTP behavior; the ISP and/or time server could either inadvertently or maliciously introduce a significant clock skew, or the host clock could simply malfunction.

If the host clock value is grossly inaccurate -- more than one hour in the past or more than 3 hours in future -- Tor cannot connect to the Tor network. ^[19] This is easily solved by manually fixing the clock on the host, then powering the Kicksecure (kicksecure) off and on again.

Another side effect of a significantly inaccurate host clock concerns operating system (OS) updates and cryptographic verification on the host. Until the host clock is manually fixed, it may no longer be possible to download updates or verify SSL certificates correctly with the host browser.

Users should always check whether a host clock defect relates to an empty battery before assuming the ISP is tampering with NTP.

Spoof the Initial Virtual Hardware Clock Offset Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Spoof_the_Initial_Virtual_Hardware_Clock_Offset Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Spoof_the_Initial_Virtual_Hardware_Clock_Offset|Spoof the Initial Virtual Hardware Clock Offset]]
Copy as Wikitext Click = Copy Copied to clipboard! [Spoof the Initial Virtual Hardware Clock Offset](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Spoof_the_Initial_Virtual_Hardware_Clock_Offset)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Spoof the Initial Virtual Hardware Clock Offset](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Spoof_the_Initial_Virtual_Hardware_Clock_Offset)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Spoof_the_Initial_Virtual_Hardware_Clock_Offset]Spoof the Initial Virtual Hardware Clock Offset[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Tip: Spoofing the initial virtual hardware clock offset is useful to prevent Clock Correlation Attacks.

KVM Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#KVM Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#KVM|KVM]]
Copy as Wikitext Click = Copy Copied to clipboard! [KVM](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#KVM)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [KVM](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#KVM)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#KVM]KVM[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

For KVM, click on Expand on the right.

Qubes Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Qubes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Qubes|Qubes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Qubes](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Qubes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Qubes](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Qubes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Qubes]Qubes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

TODO

Unfortunately, it is not yet possible to set a random clock offset for Template:Q project name VMs to prevent clock correlation attacks since it is unsupported by Xen. A related issue is denying Template:Q project name access to "clocksource=xen", which may not be possible without Linux kernel and/or Xen patches. For a detailed discussion of these issues, see here.

VirtualBox Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#VirtualBox Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#VirtualBox|VirtualBox]]
Copy as Wikitext Click = Copy Copied to clipboard! [VirtualBox](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#VirtualBox)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [VirtualBox](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#VirtualBox)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#VirtualBox]VirtualBox[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

For VirtualBox, click on Expand on the right.

Summary Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Summary Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Summary|Summary]]
Copy as Wikitext Click = Copy Copied to clipboard! [Summary](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Summary)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Summary](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Summary)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Summary]Summary[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Table: Network Time Synchonization Summary

Platform	Recommendations
All Platforms	Do not change system timezone. Tor cannot connect if the host clock is grossly inaccurate. In this case, users should manually fix the host clock before powering the Kicksecure (`kicksecure`) off and on again. Periodically check the host clock to ensure that it is accurate or approximately so. For greater security, block networking until sdwdate finishes.
Kicksecure	It is strongly discouraged to use the pause / suspend / save / hibernate features. Only spoof the initial virtual hardware clock offset after importing the VM.
Kicksecure-Qubes	It is strongly discouraged to use the pause feature of Qube Manager. it is is safe to use the suspend or hibernate feature of dom0.

Appendix Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Appendix Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Appendix|Appendix]]
Copy as Wikitext Click = Copy Copied to clipboard! [Appendix](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Appendix)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Appendix](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Appendix)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Appendix]Appendix[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Deactivate Automatic TimeSync Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Deactivate_Automatic_TimeSync Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Deactivate_Automatic_TimeSync|Deactivate Automatic TimeSync]]
Copy as Wikitext Click = Copy Copied to clipboard! [Deactivate Automatic TimeSync](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Deactivate_Automatic_TimeSync)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Deactivate Automatic TimeSync](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Deactivate_Automatic_TimeSync)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Deactivate_Automatic_TimeSync]Deactivate Automatic TimeSync[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

Warning: This action is recommended against and is usually not required. In all cases, first check with the Kicksecure developers.

To deactivate sdwdate, run.

Click = Copy Copied to clipboard! sudo service sdwdate stop

Click = Copy Copied to clipboard! sudo systemctl mask sdwdate

Footnotes Copy or share this direct link! Click = Copy Copied to clipboard! https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Footnotes Click below ↴ = Copy to Clipboard Click = Copy Copied to clipboard! [[Network_Time_Synchronization#Footnotes|Footnotes]]
Copy as Wikitext Click = Copy Copied to clipboard! [Footnotes](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Footnotes)
for Discourse, reddit, GitHub Click = Copy Copied to clipboard! [Footnotes](https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Footnotes)
Copy as Markdown Click = Copy Copied to clipboard! [url=https://www.kicksecure.com/wiki/Network_Time_Synchronization?direction=next&oldid=53724#Footnotes]Footnotes[/url]
Copy as phpBB Click below ↴ = Open social URL with share data We don't use embedded scripts This share button is completely self-hosted by this webserver. No scripts from any of the social networks are embedded on this webserver. See also Social Share Button.

↑ Due to invalid (not yet or no longer valid) TLS certificates.
↑ To view the system time in UTC on Linux platforms, run. Click = Copy Copied to clipboard! date --utc
↑ TODO: Show desktop clock in local time; keep system in UTC
↑ ^{Jump up to: 4.0} ^4.1 This is because the clock will be incorrect after system resume. A correct clock is important for anonymity (see Dev/TimeSync to learn more). When a user suspends or saves the VM state, the clock will stop and continue after resuming, leading to a time that lags behind the correct value. This can cause later Tor connectivity problems or introduce possible adverse anonymity impacts. The Kicksecure state should not be suspended or saved. It is far better to power it off when it is no longer needed. If this advice is ignored, Tor can become confused if the time is more than 1 hour in the past or more than 3 hours in the future. When this happens, Tor will only reconnect to the Tor network if the clock is manually fixed or powered off and on again.
↑ Similarly, if users suspend or save the Kicksecure state, the clock will again lag behind the correct value. This can be manually fixed by running: Start Menu → Applications → System → Time Synchronization Monitor (sdwdate-gui) → restart sdwdate.
↑ Qubes does not dispatch the /etc/qubes/suspend-post.d / /etc/qubes/suspend-pre.d hooks upon pause / resume using Qube Manager.
↑ https://github.com/QubesOS/qubes-issues/issues/1764
↑ Simplified in next upgrade. Click = Copy Copied to clipboard! sudo sdwdate-clock-jump
↑ Click = Copy Copied to clipboard! Mon Apr 22 04:30:44 UTC 2019
↑ A non-zero exit codes signifies an error, while 0 means it succeeded.
↑ Also see: Click = Copy Copied to clipboard! man clock-random-manual-gui Click = Copy Copied to clipboard! man clock-random-manual-cli
↑ Click = Copy Copied to clipboard! echo "Sat Oct 26 07:18:25 UTC 2019" | /usr/bin/clock-random-manual-cli
↑ https://forums.whonix.org/t/testers-wanted-blocking-networking-until-sdwdate-finished-status-of-sdwdate-gui/5372
↑ https://phabricator.whonix.org/T533
↑ Dev/TimeSync#Block_Networking_until_sdwdate_Finishes
↑
[[Kicksecure-Qubes|Template:Q project name]] only.

The procedure can optionally be completed in select TemplateBasedVMs (AppVMs) like kicksecure and kicksecure.
1. Edit the Kicksecure firewall configuration.
In the chosen Kicksecure TemplateBasedVMs, run.
Open file /usr/local/etc/whonix_firewall.d/*.conf in an editor with root rights.
Kicksecure
Kicksecure for Qubes
Others and Alternatives

Kicksecure

See Open File with Root Rights for detailed instructions on why to use sudoedit for better security and how to use it.
Note: Mousepad (or the chosen text editor) must be closed before running the sudoedit command.
Click = Copy Copied to clipboard! sudoedit /usr/local/etc/whonix_firewall.d/*.conf

Kicksecure for Qubes

NOTES:

When using Kicksecure-Qubes, this needs to be done inside the Template.

Click = Copy Copied to clipboard! sudoedit /usr/local/etc/whonix_firewall.d/*.conf

After applying this change, shutdown the Template.

All App Qubes based on the Template need to be restarted if they were already running.

This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.

Others and Alternatives

This is just an example. Other tools could achieve the same goal.

If this example does not work for you or if you are not using Kicksecure, please refer to this link.

Click = Copy Copied to clipboard! sudoedit /usr/local/etc/whonix_firewall.d/*.conf
2. Copy and paste the following text.
Click = Copy Copied to clipboard! firewall_mode=
3. Save the file and reboot.
↑ See the Fingerprint page to discover what fingerprinting means in this case.
↑ See Design: Dev/TimeSync.
↑ In this case, Tor cannot verify the Tor consensus.
↑ biossystemtimeoffset is used to unlink the virtualizer's initial clock synchronization of the VM from the host clock.
↑ After powering on a VM, it initially synchronizes the VM clock with the host clock until Kicksecure Timesync adjusts it.
↑ Clock skews can lead to linkability, meaning the user would be pseudonymous rather than anonymous.

Kicksecure

A secure by default operating system with the latest security research in place.

Dark mode

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

[1] Due to invalid (not yet or no longer valid) TLS certificates.

[2] To view the system time in UTC on Linux platforms, run. Click = Copy Copied to clipboard! date --utc

[3] TODO: Show desktop clock in local time; keep system in UTC

[gateway_pause-4] {Jump up to: 4.0} ^4.1 This is because the clock will be incorrect after system resume. A correct clock is important for anonymity (see Dev/TimeSync to learn more). When a user suspends or saves the VM state, the clock will stop and continue after resuming, leading to a time that lags behind the correct value. This can cause later Tor connectivity problems or introduce possible adverse anonymity impacts. The Kicksecure state should not be suspended or saved. It is far better to power it off when it is no longer needed. If this advice is ignored, Tor can become confused if the time is more than 1 hour in the past or more than 3 hours in the future. When this happens, Tor will only reconnect to the Tor network if the clock is manually fixed or powered off and on again.

[5] Similarly, if users suspend or save the Kicksecure state, the clock will again lag behind the correct value. This can be manually fixed by running: Start Menu → Applications → System → Time Synchronization Monitor (sdwdate-gui) → restart sdwdate.

[6] Qubes does not dispatch the /etc/qubes/suspend-post.d / /etc/qubes/suspend-pre.d hooks upon pause / resume using Qube Manager.

[7] ttps://github.com/QubesOS/qubes-issues/issues/1764

[8] Simplified in next upgrade. Click = Copy Copied to clipboard! sudo sdwdate-clock-jump

[9] Click = Copy Copied to clipboard! Mon Apr 22 04:30:44 UTC 2019

[10] A non-zero exit codes signifies an error, while 0 means it succeeded.

[11] Also see: Click = Copy Copied to clipboard! man clock-random-manual-gui Click = Copy Copied to clipboard! man clock-random-manual-cli

[12] Click = Copy Copied to clipboard! echo "Sat Oct 26 07:18:25 UTC 2019" | /usr/bin/clock-random-manual-cli

[13] ttps://forums.whonix.org/t/testers-wanted-blocking-networking-until-sdwdate-finished-status-of-sdwdate-gui/5372

[14] ttps://phabricator.whonix.org/T533

[15] Dev/TimeSync#Block_Networking_until_sdwdate_Finishes

[16] 

[[Kicksecure-Qubes|Template:Q project name]] only.

The procedure can optionally be completed in select TemplateBasedVMs (AppVMs) like kicksecure and kicksecure.

1. Edit the Kicksecure firewall configuration.
In the chosen Kicksecure TemplateBasedVMs, run.
Open file /usr/local/etc/whonix_firewall.d/*.conf in an editor with root rights.

Kicksecure
Kicksecure for Qubes
Others and Alternatives

Kicksecure

See Open File with Root Rights for detailed instructions on why to use sudoedit for better security and how to use it.
Note: Mousepad (or the chosen text editor) must be closed before running the sudoedit command.
Click = Copy Copied to clipboard! sudoedit /usr/local/etc/whonix_firewall.d/*.conf

Kicksecure for Qubes

NOTES:

When using Kicksecure-Qubes, this needs to be done inside the Template.

Click = Copy Copied to clipboard! sudoedit /usr/local/etc/whonix_firewall.d/*.conf

After applying this change, shutdown the Template.

All App Qubes based on the Template need to be restarted if they were already running.

This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.

Others and Alternatives

This is just an example. Other tools could achieve the same goal.

If this example does not work for you or if you are not using Kicksecure, please refer to this link.

Click = Copy Copied to clipboard! sudoedit /usr/local/etc/whonix_firewall.d/*.conf

2. Copy and paste the following text.
Click = Copy Copied to clipboard! firewall_mode=
3. Save the file and reboot.

[17] Kicksecure

[18] Kicksecure for Qubes

[19] Others and Alternatives

[20] When using Kicksecure-Qubes, this needs to be done inside the Template.

[21] After applying this change, shutdown the Template.

[22] All App Qubes based on the Template need to be restarted if they were already running.

[23] This is a general procedure required for Qubes and unspecific to Kicksecure for Qubes.

[24] This is just an example. Other tools could achieve the same goal.

[25] If this example does not work for you or if you are not using Kicksecure, please refer to this link.

[17] See the Fingerprint page to discover what fingerprinting means in this case.

[18] See Design: Dev/TimeSync.

[19] In this case, Tor cannot verify the Tor consensus.

[20] biossystemtimeoffset is used to unlink the virtualizer's initial clock synchronization of the VM from the host clock.

[21] After powering on a VM, it initially synchronizes the VM clock with the host clock until Kicksecure Timesync adjusts it.

[22] Clock skews can lead to linkability, meaning the user would be pseudonymous rather than anonymous.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

[20]

[21]

[22]

Network Time Synchronization

Contents

Kicksecure

Kicksecure for Qubes

Others and Alternatives

Kicksecure

Kicksecure for Qubes

Others and Alternatives

Navigation menu

Network Time Synchronization

Kicksecure

Kicksecure for Qubes

Others and Alternatives

Kicksecure

Kicksecure for Qubes

Others and Alternatives

Navigation menu

Search

Disable server cache for this browser

Debug vis URL