[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?

To: undisclosed-recipients:;
Subject: [tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 27 Apr 2012 05:30:06 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 27 Apr 2012 01:30:17 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5684: Should we stop sanitizing nicknames in bridge descriptors?
------------------------------------+---------------------------------------
 Reporter:  karsten                 |          Owner:     
     Type:  enhancement             |         Status:  new
 Priority:  normal                  |      Milestone:     
Component:  Metrics Data Processor  |        Version:     
 Keywords:                          |         Parent:     
   Points:                          |   Actualpoints:     
------------------------------------+---------------------------------------
 When we started making
 [https://metrics.torproject.org/formats.html#bridgedesc sanitized bridge
 descriptors] available on the metrics website we replaced all contained
 nicknames with "Unnamed".  The reason was that "bridge nicknames might
 give hints on the location of the bridge if chosen without care; e.g. a
 bridge nickname might be very similar to the operators' relay nicknames
 which might be located on adjacent IP addresses."

 This was an easy decision back then, because we didn't use the nickname
 for anything.  This has changed with #5629 where we try to count EC2
 bridges which all have a similar nickname.  So, while we don't have that
 information, there'd now be a use for it.  Another advantage of having
 bridge nicknames would be that they're easier to look up in a status
 website like Atlas (which doesn't support searching for bridges yet).  We
 should re-consider whether it still makes sense to sanitize nicknames in
 bridge descriptors or not.

 Regarding the reasoning above, couldn't an adversary just scan adjacent IP
 addresses of all known relays, not just the ones with similar nicknames?
 And are we giving away anything else with the nicknames?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5684>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5683 [Tor Client]: add libtool support to tor
Next by Author: Re: [tor-bugs] #5629 [BridgeDB]: How many EC2 bridges do we have?
Previous by thread: Re: [tor-bugs] #5267 [arm]: Erroneous 'Unable to determine fingerprint' warnings
Next by thread: Re: [tor-bugs] #5684 [Metrics Data Processor]: Should we stop sanitizing nicknames in bridge descriptors?
Index(es):
- Author
- Thread