The Internet's Time Is Flawed–Why No One Is Talking About It
Due to network latency & asymmetry, even widely trusted time sources can drift by ±50ms or more. HTTPS-based synchronization has inherent protocol limitations that prevent true atomic accuracy. Engineers on NTP forums have confirmed that half of RTT (Round Trip Time) is the firm limit—meaning most public clocks are way less accurate than we assume. This raises some serious questions: 1⃣ How bad is the drift in real-world applications? 2⃣ Is there a way to make HTTPS time synchronization truly accurate? 3⃣ Are industries (finance, security, cryptography) unknowingly relying on bad time data?
I’m curious if others have tested this or if this is an even bigger problem than we think.
Some engineers are experimenting with ways to push accuracy below 10ms, but there’s no widespread solution yet. Thoughts?
26 comments
[ 5.1 ms ] story [ 68.4 ms ] threadnthing the objection that anyone who needs an accurate clock is getting it via NTP
So again what internet applications actually care about millisecond or even submillisecond precision?
you're absolutely correct
[1] - https://chrony-project.org/examples.html
[2] - https://chrony-project.org/faq.html
HTTPS isn't usually used as far as I'm aware. Wait until you discover that your time server's TLS certificate has "expired" according to your local machine; or hasn't yet become valid (valid in the "future"). Good luck syncing after that!
Most services use some version of NTP; here's NTPv3 spec: https://datatracker.ietf.org/doc/html/rfc1305 but there are others.
> Due to network latency & asymmetry, even widely trusted time sources can drift by ±50ms or more
Yup! Some people would call that a feature to enable leap second smearing.
> most public clocks are way less accurate than we assume
I would bet you're right but I don't recall any studies to measure how bad the problem is. It sounds like you might be barking up somewhere with possibility for unique studies and information!
> Some engineers are experimenting with ways to push accuracy below 10ms
Get rid of HTTP and you can get accuracy below 1ms. HTTP takes up a lot of compute compared to NTP.
Hilariously, openntpd does it the opposite way, and will go check a HTTPS site to decide what time range might possibly be valid.
https://man.openbsd.org/ntpd.conf#CONSTRAINTS
And if you truly require better accuracy, using a GPS units for high acuracy PTP is a thing.
Second— inaccurate time really is only a “problem” if it is not accurate enough. For the purposes of TLS, the current typical time error seems to be well within the tolerance of most communications.
There are plenty of people talking about time synchronization if you know where to look. If you really need something more accurate than NTP, use a PCI card that gathers time from GPS or using a time signal radio broadcast (eg, NIST’s).
If you want time more accurate than 50ms, there are tons of options. NTP is not remotely one that any competent scientist or engineer would employ. This is basically the equivalent of saying "I've looked into it, and Toyota Corollas do not have a 0 - 60 time of less than one second." - and that would be the answer to why no one is talking about it.
For most civilian purposes, time sync is done with NTP, which, using Marzullo's algorithm, can reduce error to around 0.5% of RTT, nothing like "half of RTT". Did you read "0.5%" and thought it meant "50%"?
Is your complaint about something specific? This problem seems imaginary.
> Engineers on NTP forums have confirmed that half of RTT (Round Trip Time) is the firm limit
Which engineers? That statement is not true.
> Some engineers are experimenting with ways to push accuracy below 10ms
Which engineers? NTP accuracy is typically around 0.5ms in good conditions.
The use of the ’ smart apostrophe and the weird 1⃣2⃣ makes me think this post was written by a very confused AI.
[1] https://en.wikipedia.org/wiki/Dash#Spacing_and_substitution
[2] https://www.merriam-webster.com/grammar/em-dash-en-dash-how-...
[3] https://learn.microsoft.com/en-us/style-guide/punctuation/da...
Industries that care aren’t sourcing time across residential ISP links and consumer NTP sources. But, for most people it’s accurate enough.
https://en.wikipedia.org/wiki/Relativity_of_simultaneity
Maybe ask yourself how applications that are serious about time deal with sync'ing remote sites. Follow that with how many real world internet applications need those levels of accuracy | correlation over distance.
Two examples at the higher end:
* Multiple Gravity sensors across the globe; these need to filter out passing trucks in some US state that don't also occur at the same time in Australia.
* Square Kilometre Array, with radio astronomy dishes and other sensors on opposite sides of the planet.
Both these projects have additional fun quirks; a signal travelling from (say) the heart of the milky way will encounter sensors on a rotating planet that is sometimes orbiting away from the signal and sometimes towards the signal, depending upon time of year.
Both the projects highlighted have been "in the works" since the 1980s. What are the timing requirements in these? What solutions are in play?