[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 26 Apr 2011 01:13:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 25 Apr 2011 21:14:01 -0400
In-reply-to: <046.5e744a9f86df43922582284384d4b15d@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <046.5e744a9f86df43922582284384d4b15d@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2988: information disclosure: operating system and platform
-----------------------+----------------------------------------------------
 Reporter:  tagnaq     |          Owner:     
     Type:  defect     |         Status:  new
 Priority:  normal     |      Milestone:     
Component:  Tor Relay  |        Version:     
 Keywords:             |         Parent:     
   Points:             |   Actualpoints:     
-----------------------+----------------------------------------------------

Comment(by arma):

 Yeah, this one is more controversial. (I suspect this trac entry is a
 duplicate of several others.)

 The trouble is that we actually use this general info for statistics, to
 get a sense of network growth, to understand if a certain bug is troubling
 certain subsets of our relays only, etc.

 We used to provide much more detail, and we pared it down to just OS and
 arch. (I believe
 Tor 0.2.2.7-alpha and later provide less info about Windows than your
 example.)

 Making it optional reduces the value to us a lot. Might as well just take
 it out if we are to do that.

 I'm not convinced that the information we're revealing is increasing the
 harm greatly, compared to what you could learn anyway by remote
 fingerprinting.

 The flip side is a) if you can know exactly what the platform and arch is,
 you can do your exploits with less risk of getting noticed, and remote
 fingerprinting really isn't perfect, and b) come on, how much value is
 there really in knowing this stuff.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2988#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Next by Author: Re: [tor-bugs] #2813 [Tor bundles/installation]: tor browser bundle for osx with ff4 crashes on start
Previous by thread: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Next by thread: Re: [tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Index(es):
- Author
- Thread