[tor-talk] Safer Logging (by default) ?

Hi there,

At the current state, what can be logged by Tor could be called unsafe.

What I'm concerned about isn't the fact that one can tell Tor to log,
it's the safety that's unbalanced.

I never thought Tor logs should be appending as that could lead to
privacy issues whenever a relay gets raised. One turns on logging and
forgets about it. I never came up with it, but it's along the line.

- Make logs overwrite each other by default
(The node runs and starts logging, then stops running, when it starts
again it overwrites the old logs)
- Introduce an option to make logs appending (whenever this is reasonable)

Tor tells: [Notice] Tor can't help you if you use it wrong! Learn how to
be safe at https://www.torproject.org/download/download#warning

Whenever logging is enabled Tor could tell: [Notice] Please log to a
safe place. Don't log unless it serves an important reason.

Assign flags to nodes that log, maybe based on the level they do.
- log_warn
- log_error
- log_info
- log_debug

The TorProject and users could notice if a node is logging in a
suspicious way.

Maybe you can go as far as giving (long term or critical) logging nodes
less traffic. When equally good nodes exist they could be picked over
the logging ones.

I'm fully aware that one can log things without Tor, capture traffic and
all that stuff. The operators have to be honest.
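
As an added example (not part of the original post, and not Tor Project code): a small Python check an operator could run over a torrc to spot the two risks discussed above, file logs that append across restarts and verbose log levels left enabled. It assumes Tor's simple `Log <severity> file <path>` form and the `TruncateLogFile` option; the function name and the sample config are constructed for illustration.

```python
# Added example: audit a torrc for forgotten or appending file logs.
# Tor's severities, most verbose first (assumption: simple Log syntax only,
# no [domain] prefixes and no spaces in the file path).
SEVERITIES = ["debug", "info", "notice", "warn", "err"]

# Constructed sample config, not taken from a real relay.
SAMPLE = """\
# constructed sample torrc
ORPort 9001
Log notice file /var/log/tor/notices.log
Log debug-warn file /var/log/tor/debug.log   # left on after troubleshooting
Log notice stdout
"""

def audit_torrc(text):
    """Return a list of (line_no, message) findings for risky Log settings."""
    truncate = False   # Tor's default is TruncateLogFile 0, i.e. append
    file_logs = []     # (line_no, min_severity, path)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        parts = line.split()
        key = parts[0].lower()                # option names are case-insensitive
        if key == "truncatelogfile" and len(parts) > 1:
            truncate = parts[1] == "1"
        elif key == "log" and len(parts) >= 4 and parts[2].lower() == "file":
            # "debug-warn" is a min-max range; the minimum decides verbosity
            min_sev = parts[1].lower().split("-", 1)[0]
            if min_sev in SEVERITIES:
                file_logs.append((no, min_sev, parts[3]))
    findings = []
    for no, sev, path in file_logs:
        if sev in ("debug", "info"):
            findings.append((no, f"{path}: '{sev}' is verbose; keep it only while debugging"))
        if not truncate:
            findings.append((no, f"{path}: appended across restarts (TruncateLogFile is 0)"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_torrc(SAMPLE):
        print(f"line {no}: {msg}")
```

Logs sent to stdout, stderr or syslog are not reported here, since their retention is decided outside the torrc.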

