[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Safely collecting data to estimate the number of Tor users



On Mon, 30 Aug 2010 11:09:07 +0200
Karsten Loesing <karsten.loesing@xxxxxxx> wrote:

> c) Steven proposes to i) encrypt logs to a public key (or rather to a
> symmetric session key which is encrypted to a public key) and ii) to
> reduce IP address hashes in those logs to 40 bits. That means he's
> referring to problem 1) above. I think that i) is a good approach to
> move sensitive logs from an Internet host to a more secure place to run
> the evaluation on. I could imagine implementing this to be a general Tor
> feature, so that people who need verbose logs for debugging can encrypt
> them on their server and evaluate them on a safe machine.

Log encryption doesn't need to be a new feature in Tor. Tell Tor to log
to a file that just happens to be a Unix FIFO, and have an encryption
tool designed for the task read from the pipe and write to a real file.

>                                                           I'm slightly
> concerned that this could encourage people to log more than they need.

Using a pipe and a separate encryption tool has the advantage of being
rather more difficult (and annoying) to set up than adding one new line
to torrc.  You can also glue on a chain of external log-sanitizing
filters (invocations of grep/sed, perhaps?) before the log is encrypted
that way.


Robert Ransom

Attachment: signature.asc
Description: PGP signature