[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] next globe update feedback



On Thu, Nov 07, 2013 at 03:33:23PM -0500, me@xxxxxxx wrote:
> > 
> > If there isn't anything wrong, I will release it to the regular globe 
> > url.
> 
> I deployed the latest globe version on http://globe.rndm.de/ .
> 
> The jshint code quality check was replaced with latest eslint version 
> that works without jshint.
> Aside from the already mentioned changes I fixed the bridge/relay detail 
> page if no detail document was found.
> 
> I also added relay family links. While working on this feature I noticed 
> that the onionoo family field can return fingerprints of bridges.
> I modified the way the relay details route works and now it checks if 
> the api returns a valid relay. If this isn't the case it checks for a 
> bridge and redirects to its detail page.
> (for example "TorLand2" has a bridge in its family members field and 
> clicking on the fingerprint throws an error on atlas)
> 
> If this behavior is wrong or something is missing just tell me.

Well, that's one place I didn't think to look for leaking bridge
fingerprints. At this point there is no way to retrieve a bridge's IP
address and port number using its fingerprint, right? And, considering the
default torrc does say: "However, you should never include a bridge's
fingerprint here, as it would break its concealability and potentionally
reveal its IP/TCP address." I really don't know how else to prevent
this. Onionoo could do extra processing to prevent leaking these
bridges, but I'm not sure that's a good way to do it.

On another note, globe looks awesome! Thanks you!
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev