[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] GSoC: Implement consensus diffs



On Tue, Apr 22, 2014 at 11:10:27 -0400, Ian Goldberg wrote:
> The proposal (140) doesn't appear to discuss the client
> fingerprintability aspect of this: they reveal the last time they used
> Tor (if recentish).  Say you're a mobile client that gets a dynamic IP
> address.  With this, you reveal that you probably aren't or maybe are
> the same person that was last seen over there at that particular time.
> 
> What are the implications here?

As far as I understand, Tor clients fetch the consensus documents from a
random authority at first, and then from caches at somewhat random times
- reading from [0] at section 5.1.

Since it starts using caches and building circuits after fetching the
first consensus from an authority, I don't see how anyone could identify
a client.

Sure, a cache will know for how long has a client been disconnecten when
it asks for a diff starting at e.g. yesterday. But was it that same
cache who gave it the previous diff? Or are you talking about regular
traffic too?

I might have not understood you well - if that's the case, please
explain with a bit more of detail.

Anyway, downloading the entire consensus file from either an authority
or a cache will always be possible, if that's what you are concerned
about. But we want diffs to be usable in a secure manner just like
entire consensuses are.

[0] https://gitweb.torproject.org/torspec.git/blob/refs/heads/master:/dir-spec.txt

-- 
Daniel Martí - mvdan@xxxxxxxx - http://mvdan.cc/
PGP: A9DA 13CD F7A1 4ACD D3DE  E530 F4CA FFDB 4348 041C

Attachment: pgpq4eUN8XjGv.pgp
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev