Seeing as this is a Community Guide, this is for anyone who “just got here” and doesn’t quite understand the ramifications of syncing your Qubes OS machine with only Fedora NTP servers…
The Network Time Protocol - Explained without any technical jargon:
How do they know what time it is?
Basically, a bunch of guys and gals have a bunch of caesium, rubidium, and other oscillating elements, and have big computers that measure that oscillation, and they use it to keep their computer’s clocks accurate (Stratum 1).
These guys and gals are also nice enough to host servers that anyone can ask what time it is, and sync their clocks too (Stratum 2).
And a bunch of other guys and gals, who are concerned about those servers getting overwhelmed with requests, have set up their own servers too, to ease the load on the ones higher up the chain. They sync their servers off the secondary servers instead of the atomic clocks (Stratum 3).
And so on, until you have your home router 14 more levels down the chain, being the “time authority” for your network.
However, like a DNS server or Tor node, you have to earn people’s trust. If your server is found to be doing shenanigans (timing attacks, man in the middle, spoofing), people will drop your server very quickly…
What does your computer actually do to sync its clock?
- Your computer puts “Hey, what time is it?” (and in some cases “I think it’s 01/01/1970”) into a data packet
- Your computer picks an NTP server (completely arbitrary, and up to the user)
- Your computer sends the packet off on its way, and starts a stopwatch, to time how long it takes to receive the response.
- The NTP Server will send back a data packet that says:
  - The accurate time when the package was sent to you
  - If there was any delay besides “the speed of light”, and if so, timings of the delays
  - Slow server calculation
  - Sometimes, a bunch of other obscure things that account for time dilation in space (GPS satellites, etc.)
- When your computer receives the response packet, the stopwatch stops.
- Your computer then assumes that time declared by NTP server + stopwatch time - any declared delays = the REAL current time, and changes its clock accordingly
- Sometimes the NTP server will say “Ok, I’ll keep you on my list for the next 12 hours (or however long). Every hour, I’ll update you with the current time. You don’t even have to ask me for it. You already have enough info to calculate the time yourself”
- After 2014, NTP servers will also include their signature in the response.
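The exchange described in the steps above, as an added example that is not part of the original guide: it builds the 48-byte “what time is it?” request, constructs a server reply in memory (no network traffic is sent), runs the sanity checks a client performs before trusting the answer, and works out the clock correction from the four timestamps using the standard NTP offset formula. The scenario values (a client clock that is 5 seconds slow, 40 ms of network delay each way, 10 ms of server processing) are constructed for illustration.

```python
"""Minimal SNTP client exchange, done entirely offline (added example)."""
import struct

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_EPOCH_OFFSET = 2_208_988_800
# Wire layout of a 48-byte NTP packet: LI/VN/Mode, stratum, poll, precision,
# root delay, root dispersion, reference id, then four 64-bit timestamps
# (reference, origin, receive, transmit).
PACKET = "!BBBbII4sQQQQ"


def to_ntp_timestamp(unix_seconds: float) -> int:
    """Unix seconds -> 64-bit NTP timestamp (32 bits seconds, 32 bits fraction)."""
    whole = int(unix_seconds) + NTP_EPOCH_OFFSET
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return (whole << 32) | frac


def from_ntp_timestamp(ts: int) -> float:
    """64-bit NTP timestamp -> Unix seconds as a float."""
    return ((ts >> 32) - NTP_EPOCH_OFFSET) + (ts & 0xFFFFFFFF) / (1 << 32)


def build_client_request(t1_unix: float) -> bytes:
    """'Hey, what time is it?': LI=0, VN=4, Mode=3 (client), only T1 filled in."""
    return struct.pack(PACKET, 0x23, 0, 0, 0, 0, 0, b"\0\0\0\0",
                       0, 0, 0, to_ntp_timestamp(t1_unix))


def build_server_reply(request: bytes, t2_unix: float, t3_unix: float,
                       stratum: int = 2) -> bytes:
    """Constructed stand-in for the server side: Mode=4 (server), echoes the
    client's T1 as the origin timestamp, reports when the request arrived (T2)
    and when the reply left (T3)."""
    fields = struct.unpack(PACKET, request)
    client_t1 = fields[10]  # the transmit timestamp we sent
    return struct.pack(PACKET, 0x24, stratum, fields[2], -20, 0, 0, b"GPS\0",
                       to_ntp_timestamp(t3_unix - 10), client_t1,
                       to_ntp_timestamp(t2_unix), to_ntp_timestamp(t3_unix))


def parse_reply(reply: bytes) -> dict:
    """Pull out the fields the client needs from a server reply."""
    f = struct.unpack(PACKET, reply)
    return {"mode": f[0] & 0x7, "stratum": f[1],
            "t1": from_ntp_timestamp(f[8]), "t2": from_ntp_timestamp(f[9]),
            "t3": from_ntp_timestamp(f[10])}


def compute_offset_and_delay(t1, t2, t3, t4):
    """Standard NTP four-timestamp arithmetic: the 'stopwatch' minus the
    server's declared processing time gives the network delay; the average
    of the two one-way differences gives how far our clock is off."""
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return offset, delay


def sync_example():
    """Walk through one request/reply; returns (offset, delay, corrected_time)."""
    t1_client = 1_700_000_000.0          # our clock, 5 s slow (constructed)
    request = build_client_request(t1_client)
    t2_true = 1_700_000_005.040          # server receives after 40 ms
    t3_true = 1_700_000_005.050          # server replies after 10 ms of work
    reply = build_server_reply(request, t2_true, t3_true)
    t4_client = t1_client + 0.090        # stopwatch stops: 40 + 10 + 40 ms

    parsed = parse_reply(reply)
    # Checks a client runs before believing the answer:
    if parsed["mode"] != 4:
        raise ValueError("not a server reply")
    if abs(parsed["t1"] - t1_client) > 1e-6:
        raise ValueError("origin timestamp does not match our request")
    if parsed["stratum"] == 0 or parsed["stratum"] > 15:
        raise ValueError("server is not synchronised (kiss-o'-death / bad stratum)")

    offset, delay = compute_offset_and_delay(parsed["t1"], parsed["t2"],
                                             parsed["t3"], t4_client)
    return offset, delay, t4_client + offset


if __name__ == "__main__":
    off, dly, now = sync_example()
    print(f"offset {off:+.3f} s, round-trip delay {dly:.3f} s, corrected time {now:.3f}")
```

The origin-timestamp comparison is the piece worth noticing: a reply whose echoed T1 does not match the request the client actually sent is discarded, which is what stops a stray or injected packet from being taken as the answer to a question the client never asked.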
Pretty clever, actually
When Qubes OS syncs its clock, what does the NTP server actually see?
- Just a standard “What’s the time?” packet
- Nothing about Qubes OS
- Only the WAN IP of whatever network you’re connected to
- …assuming IPv4. With IPv6, they can potentially see your unique global IPv6 address (Google that if you want to know what that is)
So then, who uses encryption keys?
The server, to sign the time, so that you can trust that nobody has messed with it while it was on its way to you.
Wait, so everyone can see that I am syncing my clock?
Everyone can see “What’s the time?” and “When I received your question, it was 4:46pm!”. No OS information, no other unique identifiers except the return address.
Can I pick which NTP servers I ask?
You can pick as many or as few NTP servers as you wish. You can even host your own (but remember they have to get their time from somewhere).
But if I ask the Fedora NTP servers, won't everyone know I'm using Fedora?
Well, whoever is passing that data packet along will see the sender and recipient, and might make an assumption that you could be a Fedora user.
If that is an issue for you, then you can arbitrarily replace them with whatever NTP server you like.
It was definitely a big issue for the Tails community 2 years ago:
Can you contact an NTP server via Tor?
Yes and no. NTP packets are UDP, which the Tor Project currently doesn’t officially route; only TCP. But that could be changing soon.
Whilst you can tunnel UDP packets via onion routing, the exit node will not spit them out for you as UDP packets. You have to spit them out at a proxy over TCP, which will then send them on as UDP packets to the NTP server.
Also, some, if not most NTP servers will refuse to accept anything from Tor exit nodes.
This is where sdwdate in Whonix comes in. It allows clocks to be synced over Tor via onion servers acting as NTP proxies.
How inaccurate can your clock be before Tor stops working?
Not more than 1 hour slow, and not more than 3 hours fast.
This means that it is possible to set your clock to the approximate time manually without NTP, if you feel that better suits your use case.
Do NTP servers store data packets you send them?
I suppose some of them might, but the network operator would more likely be the one who stores them for analysis…
Why would someone want your computer's clock to be wrong?
- Someone could potentially trick your computer into accepting authentication with an expired key (but because the clock’s wrong, your computer thinks it’s still valid)
- Most web servers require you to declare your system clock time in the request, and if it’s fast or slow by more than a certain amount (usually 6-12 hours), it’ll refuse to serve you anything requiring authentication or encryption
- Ever tried to update your system packages and your computer thinks it’s 01/01/1970?
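The first point above, shown as an added example that is not part of the original guide: a naive validity-window check happily accepts an expired credential when the local clock has been set back, and a hardened check refuses to trust any clock reading earlier than the time its own software was released (the same instinct as distrusting a clock that says 01/01/1970). The credential, clock readings and release timestamp are all constructed Unix-second values, not real keys or dates.

```python
"""Expired credential vs. a wrong clock, and a clock-plausibility check (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    """A key or certificate reduced to its validity window (constructed)."""
    name: str
    not_before: int
    not_after: int


# Constructed credential whose validity ended well before the true current time.
EXPIRED = Credential("old-signing-key", not_before=1_600_000_000, not_after=1_668_000_000)
TRUE_NOW = 1_700_000_000      # what a correct clock reads (constructed)
SLOW_CLOCK = 1_650_000_000    # a clock set back roughly 1.5 years (constructed)
# Hypothetical timestamp at which this verifier's software was released; a clock
# reading earlier than this cannot be right, because the software did not exist yet.
RELEASE_FLOOR = 1_690_000_000


def naive_check(cred: Credential, now: int) -> bool:
    """Plain window check: trusts whatever the local clock says."""
    return cred.not_before <= now <= cred.not_after


def hardened_check(cred: Credential, now: int, floor: int = RELEASE_FLOOR):
    """Window check that first rejects implausible clock readings.
    Returns (accepted, reason)."""
    if now < floor:
        return False, "clock-implausible"
    if now < cred.not_before:
        return False, "not-yet-valid"
    if now > cred.not_after:
        return False, "expired"
    return True, "ok"


if __name__ == "__main__":
    for label, clock in (("true clock", TRUE_NOW), ("slow clock", SLOW_CLOCK), ("epoch", 0)):
        print(f"{label:10s} naive={naive_check(EXPIRED, clock)!s:5s} "
              f"hardened={hardened_check(EXPIRED, clock)}")
```

The release floor does not make the clock correct; it only keeps a badly wrong clock from silently widening the set of credentials the machine will accept, which is exactly the failure the guide is warning about.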
Are there hardware alternatives to NTP?
And for those who want to actually BE their own NTP server so they never have to ask anyone else over the internet, there’s always this:
OCP-TAP Time Card | Makerfabs
$1,500USD might actually be within some people’s price range.
You can’t really do much on the internet if your clock’s wrong nowadays. It messes up encryption and certificates, and opens up quite a lot of vulnerabilities that a lot of big players have been bitten by in the past.