On Sat, Aug 27, 2016 at 02:15:37PM +0000, kristian@xxxxxxx wrote:
Hello,
my company decided to start a Tor exit relay recently. We now want
to show some statistics on the DirFrontPage which we think people
will find interesting.
The statistic will only be basic and already public information such
as uptime and open ports, but also how much traffic the relay
currently is pushing through.
So I would like to ask if there's a big risk by exposing this
(traffic analysis attacks in mind here)?
If this is a bad idea, is there anything we can show on the
DirFrontPage about the relays current state without it being a risk?
Thanks for both running an exit and for checking about posting of
statistics. It is indeed tricky to do so safely. (And gathering of
statistics: it is generally advisable to only gather those statistics
you would be willing to make public.)
These are fine questions to pose to the recently formed Tor Research
Safety Board. https://research.torproject.org/safetyboard.html
The board is mainly to provide guidelines and feedback to those doing
research on Tor, but it clearly is relevant to people like you,
who want to make data available to others who might do research.
As you noted, realtime updates and or even later postings of
temporally fine-grained numbers could be too revealing for even
after-the-fact traffic correlation.
First of all look at the guidelines
https://research.torproject.org/safetyboard.html#guidelines
Assuming you have done so, I suggest you put together a brief
description of what exactly you plan to collect and what your process
will be (e.g. how and for how long will any raw data be held for
incorporation into statistics before being deleted, especially if this
is much longer than circuit lifetime). Then submit this to the board.
Right now a board contact address has not been set up so it's just
listed as Roger, but you can also reply to me for this one since I
think if you send to him right now it may not go out to the board for
at least several weeks.
aloha,
Paul