[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Anonymity-preserving collection of usage data of a hidden service authoritative directory

Hash: SHA1

How can we collect data on the usage of a hidden service authoritative
directory in an anonymity-preserving way? Or, the question that comes
before: Can we?

This data could be vital for designing a decentralized storage of hidden
service descriptors. Are there 10 or 1000 hidden services running at a
time? Are fetch requests distributed equally over all hidden services or
are there hot spots? Those questions cannot be answered without some
real data.

Obviously, such a collection needs to be done in an anonymity-preserving
way. Though the anonymity of hidden services does not rely primarily on
the integrity of the directory operator, it plays a role. The operator
can find out which hidden service is online or attack its introduction
points (see my other posting on encrypting descriptors).

Here are two ideas of how to collect this data:

1. One of the directory server operators could temporarily add a handful
of logging statements to the code that writes publish and fetch requests
for hidden service descriptors with inquired onion addresses to a log
file. He could then anonymize onion addresses by consistently replacing
them with something like hash(onion address + "some random number to
forget afterwards") and publish them on the Tor homepage. Everyone could
make a statistic from the data, but nobody would be able to identify a
certain hidden service.

2. We extend the code permanently to create a new status page containing
hidden service directory activity. This could include _aggregated_
values, e.g. number of fetches in 15-minute intervals of the last 24
hours (comparable to bandwidth measurement).

Are there other concerns regarding anonymity that I have overlooked?
Arguments for or against one of the two solutions? Other solutions?
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org