Post Syndicated from original https://lwn.net/Articles/910435/

Back in May 2022, a mysterious set of patches titled insufficient TCP
source port randomness crossed the mailing lists and was subsequently
merged (at -rc6) into the 5.18 kernel. Little information was available at
the time about why significant changes to the networking stack needed to be
made so late in the development cycle. That situation has
finally changed with the publication of this paper by Moshe Kol,
Amit Klein, and Yossi Gilad. It seems that the way the kernel chose port
numbers for outgoing network connections made it possible to uniquely
fingerprint users.