On Wed, 2 Feb 2011 16:08:51 +0100 Karsten Loesing <karsten.loesing@xxxxxxx> wrote: > On Wed, Feb 02, 2011 at 03:50:25PM +0100, Karsten Loesing wrote: > > Your call. If you think adding a secret X is important here, we can > > change the process. Note that this change affects all published sanitized > > bridge descriptors, because they contain these hashed fingerprints, too. > > We should be consistent with the fingerprints we put into bridge pool > > assignments and bridge descriptors. That doesn't exactly make this a > > cheap change, because I'll have to sanitize two years of descriptors > > again. But if it's important, I can do it. > > Argh! There's one major problem about adding a secret X. We're comparing > hashed bridge identites to hashed relay identities to exclude bridges that > have been running as relays from the bridge usage statistics. The reason > is that bridges that have been running as relays before report much higher > user numbers than other bridges, which are very likely direct Tor users. > > If we now include a secret X in the sanitizing process, we'd either have > to include the same secret in the calculation of bridge usage statistics, > or we wouldn't be able to remove former relays. I really want to avoid > the former, because we're trying to only make use of data for statistics > that we're giving out to everyone. And the latter would make our bridge > usage statistics useless. > > So, I'm afraid we cannot include a secret X easily. :( Publish lists of relay identities sanitized using the same function used to sanitize bridge identities. Robert Ransom
Attachment:
signature.asc
Description: PGP signature