
Re: [tor-bugs] #18213 [Tor]: The parameter WarnUnsafeSocks does not work as specified in the documentation, no warning is logged in the log file



#18213: The parameter WarnUnsafeSocks does not work as specified in the
documentation, no warning is logged in the log file
-----------------------------------------------+------------------------------------
 Reporter:  propropus                          |          Owner:
     Type:  defect                             |         Status:  needs_information
 Priority:  High                               |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor                                |        Version:
 Severity:  Major                              |     Resolution:
 Keywords:  WarnUnsafeSocks, Log 027-backport  |  Actual Points:
Parent ID:                                     |         Points:
 Reviewer:                                     |        Sponsor:
-----------------------------------------------+------------------------------------

Comment (by arma):

 Replying to [comment:7 dgoulet]:
 > We should scrubbed() the port number here in the log.

 Why? We want this log to be useful. Hm. There's definitely a conflict
 here. The man page offers
 {{{
            This way logs can still be useful, but they don't leave behind
            personally identifying information about what sites a user might
            have visited.
 }}}
 Are destination ports PII? "It depends."

 > Also, I'm worried of a side effect on the user here.
 >
 > This adds a warning that could scare a user (maybe that's the whole
 > point). I, for instance, often use IPs for my torsocks SSH and with this
 > patch I'm getting quite a bit of warning in my notice log (even though
 > it's rate limited) but still it's on purpose...

 Then you should either see the warnings and decide they're ok, or turn off
 this warning feature in Tor because you know you're using an unsafe socks
 variant and you've decided it's ok?

 > Are we worried about that? I am a bit to be honest... maybe it's just
 > me.

 The even more complicating issue here is that back when I made all these
 config options, users actually knew what logs were and they looked at
 them. Now only the expert power users know that there *are* logs.
 Actually, no, now only the expert power users *have* logs at all. So we
 might want to do a bigger rethink here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18213#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online