<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On 26 Nov 2015, at 18:07, Josef 'veloc1ty' Stautner <<a href="mailto:hello@veloc1ty.de" class="">hello@veloc1ty.de</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=windows-1252" http-equiv="Content-Type" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
Hi Tim,<br class="">
<br class="">
you hit me hard today because I didn't think about the privacy of
the users :-)<br class=""></div></div></blockquote><div><br class=""></div><div>Sorry about that :-(</div><br class=""><blockquote type="cite" class=""><div class=""><div text="#000000" bgcolor="#FFFFFF" class="">
But the data points for read and write are just average values and
the time series database also only stores the average values. So I
don't think that just by looking at the graph you can track specific
Hidden Services or make other attempts. They would get better
precision if they trace the IP of the server.<br class=""></div></div></blockquote><div><br class=""></div><div>I think you're right, but it depends on your threat model:</div><div>* an adversary with access to a router/IXP near your server could get precise bandwidth figures (bytes/second) that way;</div><div>* an adversary anywhere in the world could see averaged bandwidth figures (kilobytes?/minute) using your graph.</div><div><br class=""></div><div>I could imagine your users facing either type of adversary.</div><div><br class=""></div><div>But there might be ways to work around that:</div><div>* a public graph could average bandwidth over the time period used on Globe (6 hours), or</div><div>* a private graph could provide as much detail as you like, and be made available over password-protected HTTPS, or as a hidden service with client authentication.</div><div><br class=""></div><div>Tim</div><br class=""><blockquote type="cite" class=""><div class=""><div text="#000000" bgcolor="#FFFFFF" class="">
<div class="moz-cite-prefix">Am 25.11.2015 um 23:33 schrieb Tim
Wilson-Brown - teor:<br class="">
</div>
<blockquote cite="mid:0D24A279-2D58-4E44-8F3F-D26F925D6041@gmail.com" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252" class="">
<br class="">
<div class="">
<blockquote type="cite" class="">
<div class="">On 26 Nov 2015, at 05:36, Josef Stautner <<a moz-do-not-send="true" href="mailto:hello@veloc1ty.de" class=""></a><a class="moz-txt-link-abbreviated" href="mailto:hello@veloc1ty.de">hello@veloc1ty.de</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Hello @all,<br class="">
<br class="">
(I'm not sure if you guys are interested in a topic like
this)<br class="">
I wrote a perl script to gather bandwidth data from my Tor
exit relay.<br class="">
The script connects to the Tor control socket, fetches the
running<br class="">
config to extract the bandwidth limits and the reject rule
count.<br class="">
Afterwards the last 60 bw-cache entries are fetched and
average values<br class="">
are built for bandwidth in and out.<br class="">
All this performance data is then forwarded to
Nagios/Icinga where you<br class="">
can do anything with that values.<br class="">
<br class="">
Every 30 minutes a cronjob renders the graph showing the
datapoints of<br class="">
the last 6 houres and uploads the resulting image to my
website. You can<br class="">
find the image here (Hint: The values for in and out are
stacked):<br class="">
<a moz-do-not-send="true" href="https://blog.veloc1ty.de/bandwidth-large.png" class="">https://blog.veloc1ty.de/bandwidth-large.png</a><br class="">
<br class="">
The source of the script can be found here on GitHub:<br class="">
<a class="moz-txt-link-freetext" href="https://github.com/vlcty/check_tor_bandwidth">https://github.com/vlcty/check_tor_bandwidth</a><br class="">
It's released under the GPLv3<br class="">
<br class="">
Maybe somebody will find it usefull :-)<br class="">
</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
Hi Josef,</div>
<div class=""><br class="">
</div>
<div class="">Thanks for creating this tool - it looks like a great way for
operators to keep an eye on their relay.<br class="">
<br class="">
</div>
<div class="">But I wonder about the privacy implications of making a
relay's high-resolution bandwidth figures public.</div>
<div class="">For example, attacker can correlate a traffic-based attack on
a hidden service, with a traffic peak on its Guards.</div>
<div class="">(I am not sure if any similar attack applies to Exits, or any
other role Exits may have.)</div>
<div class="">We previously moved to a bandwidth statistics interval of 6
hours for this reason.</div>
<div class="">(That's why the 3 days and 1 month bandwidth graphs are empty
on Globe.)</div>
<div class=""><br class="">
</div>
<div class="">You lose a certain amount of precision moving to a graph,
rather than reporting exact figures in a data file.</div>
<div class="">But I'm not sure if that's enough to avoid the attack I
described above.</div>
<div class=""><br class="">
</div>
<div class="">Tim</div>
<br class="">
<div class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">
<div style="orphans: auto; text-align: start;
text-indent: 0px; widows: auto; word-wrap:
break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="orphans: auto; text-align: start;
text-indent: 0px; widows: auto; word-wrap:
break-word; -webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="orphans: auto; text-align:
start; text-indent: 0px; widows: auto;
word-wrap: break-word; -webkit-nbsp-mode:
space; -webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto; text-align:
start; text-indent: 0px; widows: auto;
word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break: after-white-space;" class="">
<div style="orphans: auto; text-align:
start; text-indent: 0px; widows: auto;
word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto; text-align:
start; text-indent: 0px; widows:
auto; word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto;
text-align: start; text-indent:
0px; widows: auto; word-wrap:
break-word; -webkit-nbsp-mode:
space; -webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto;
text-align: start; text-indent:
0px; widows: auto; word-wrap:
break-word; -webkit-nbsp-mode:
space; -webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto;
text-align: start;
text-indent: 0px; widows:
auto; word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto;
text-align: start;
text-indent: 0px; widows:
auto; word-wrap: break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="orphans: auto;
text-align: start;
text-indent: 0px; widows:
auto; word-wrap:
break-word;
-webkit-nbsp-mode: space;
-webkit-line-break:
after-white-space;" class="">
<div style="letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Tim
Wilson-Brown (teor)</div>
<div style="letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class="">
</div>
<div style="orphans: auto;
text-align: start;
text-indent: 0px;
widows: auto; word-wrap:
break-word;
-webkit-nbsp-mode:
space;
-webkit-line-break:
after-white-space;" class="">teor2345 at
gmail dot com<br class="">
PGP 968F094B<br class="">
<br class="">
teor at blah dot im<br class="">
OTR CAD08081
9755866D 89E2A06F E3558B7F
B5A9D14F</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br class="">
<br class="">
<fieldset class="mimeAttachmentHeader"></fieldset>
<br class="">
<pre wrap="" class="">_______________________________________________
tor-relays mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
</pre>
</blockquote>
<br class="">
</div>
_______________________________________________<br class="">tor-relays mailing list<br class=""><a href="mailto:tor-relays@lists.torproject.org" class="">tor-relays@lists.torproject.org</a><br class="">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays<br class=""></div></blockquote></div><br class=""><div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Tim Wilson-Brown (teor)</div><div style="color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""></div><div style="orphans: auto; text-align: start; text-indent: 0px; widows: auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">teor2345 at gmail dot com<br class="">PGP 968F094B<br class=""><br class="">teor at blah dot im<br class="">OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F</div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br class=""></body></html>