Hi Trevor,
Thanks for running a fast relay! http://rougmnvswfsmd4dq.onion/rs.html#details/7DB8443AE29FBC450D34E55FA914F4...
I notice that the server it's on is publishing very fine-grained bandwidth information though: https://infinity.rocketnine.space/#menu_system_submenu_network;theme=slate Do those graphs include the relay traffic? That level of detail can assist attackers in doing traffic correlation attacks -- for example, if they know that a given burst of traffic happened somewhere in the network, they can check your page to see if your relay was involved in it.
Is this level of detail published intentionally? Can we encourage you to put it behind a login, or otherwise make it less available?
Thanks! --Roger
Hey Roger, thanks for the heads up regarding this vulnerability. I am simply using the default netdata config and don't really need the networking IO, if I remove that completely and leave CPU/Mem/etc. would that resolve this?
On Mon, Oct 14, 2019, at 3:25 AM, Roger Dingledine wrote:
Hi Trevor,
Thanks for running a fast relay! http://rougmnvswfsmd4dq.onion/rs.html#details/7DB8443AE29FBC450D34E55FA914F4...
I notice that the server it's on is publishing very fine-grained bandwidth information though: https://infinity.rocketnine.space/#menu_system_submenu_network;theme=slate Do those graphs include the relay traffic? That level of detail can assist attackers in doing traffic correlation attacks -- for example, if they know that a given burst of traffic happened somewhere in the network, they can check your page to see if your relay was involved in it.
Is this level of detail published intentionally? Can we encourage you to put it behind a login, or otherwise make it less available?
Thanks! --Roger
On Mon, Oct 14, 2019 at 10:16:33AM -0700, Trevor Slocum wrote:
Hey Roger, thanks for the heads up regarding this vulnerability. I am simply using the default netdata config and don't really need the networking IO, if I remove that completely and leave CPU/Mem/etc. would that resolve this?
Hm! Well, it would make the research questions more complicated. That's sort of like resolving it, but not quite the same. :)
For a recent paper looking at bandwidth correlation from published data, see https://www.freehaven.net/anonbib/#dropping-pets2018
My guess is that CPU load is some sort of approximation of bandwidth use. And changes in memory use might be correlated too.
So I would say to actually resolve the issue, no, please don't publish fine-grained load statistics about your relay, even if they're only indirect bandwidth statistics.
To be fair, to some extent people can measure these things about your relay on their own, e.g. by sending ICMP ping packets or by sending in-protocol Tor cells that generate a response. But that's still an active thing that they need to do to your relay, and they need to be doing it at the time of the data they want, which might be before they realize they want it. It *probably* won't matter, but a lot of maybes add up over time.
--Roger
network-health@lists.torproject.org
-
Roger Dingledine -
Trevor Slocum