On Mon, Oct 14, 2019 at 10:16:33AM -0700, Trevor Slocum wrote:
> Hey Roger, thanks for the heads up regarding this vulnerability. I am simply using the default netdata config and don't really need the networking IO. If I remove that completely and leave CPU/Mem/etc., would that resolve this?
Hm! Well, it would make the research questions more complicated. That's sort of like resolving it, but not quite the same. :)
For a recent paper looking at bandwidth correlation from published data, see https://www.freehaven.net/anonbib/#dropping-pets2018
My guess is that CPU load is some sort of approximation of bandwidth use. And changes in memory use might be correlated too.
So I would say to actually resolve the issue, no, please don't publish fine-grained load statistics about your relay, even if they're only indirect bandwidth statistics.
To be fair, to some extent people can measure these things about your relay on their own, e.g. by sending ICMP ping packets or by sending in-protocol Tor cells that generate a response. But that's still an active thing that they need to do to your relay, and they need to be doing it at the time of the data they want, which might be before they realize they want it. It *probably* won't matter, but a lot of maybes add up over time.
--Roger