Great talk, interesting idea. Based on the results from my testing I could see how this would easily fingerprint me.

I wonder how well this technique is at bypassing network scan detection tools. After all, a bunch of requests to HTTP/S is par for the course for that protocol. The only red flag being that the requests are trying odd ports for that protocol.

At what point do sandboxes need to pad the time out for every system call?