Hey Roger, thanks for the heads up regarding this vulnerability. I am simply using the default netdata config and don't really need the networking IO, if I remove that completely and leave CPU/Mem/etc. would that resolve this?
On Mon, Oct 14, 2019, at 3:25 AM, Roger Dingledine wrote:
Hi Trevor,
Thanks for running a fast relay! http://rougmnvswfsmd4dq.onion/rs.html#details/7DB8443AE29FBC450D34E55FA914F4...
I notice that the server it's on is publishing very fine-grained bandwidth information though: https://infinity.rocketnine.space/#menu_system_submenu_network;theme=slate Do those graphs include the relay traffic? That level of detail can assist attackers in doing traffic correlation attacks -- for example, if they know that a given burst of traffic happened somewhere in the network, they can check your page to see if your relay was involved in it.
Is this level of detail published intentionally? Can we encourage you to put it behind a login, or otherwise make it less available?
Thanks! --Roger