Aaron,
I think Jaskaran explained it well - basically, we compute statistics other than requests per country, and one of those stats is unique clients, which we can use PCSA for. The `format_client_stats_heartbeat` function in `/src/or/geoip.c` is where we actually compute the unique clients and log that in the heartbeat message.
I think perhaps my proposal doesn't make clear that this PCSA change is in addition to other methods of getting IP's out of memory - I will try to update it to emphasize this. I also will do more research on the 'fuzzing' of country counts, and I will definitely contact Karsten Loesing.
Thanks, ~Samir Menon
On Sat, Apr 1, 2017 at 11:41 AM, Jaskaran Singh jvsg1303@gmail.com wrote:
Hi Aaron,
These statistics not just tell about the user's country but also keep a track of unique IP addresses connecting from each country. This is needed so as to present more realistic stats. If we increment counter on any IP address instead of unique IP address then the statistics would also reflect user(s) connecting again and again. If we don't count Unique IPs, we would have stats about per country usage rather than per country users. We could do much better and implement a way(as described by the OP of thread) that counts unique IPs at the same time preserves privacy.
And for your second point about hiding the actual counter from adversary, I agree that this can potentially de-anonymize a client. An adversary (let's say the government of some small, less populous country) could try to fingerprint the traffic of it's target(s) and later correlate it with the data we publish on the metrics site. This attack could work very well for countries where the Tor users can be counted on fingers. So, I believe hiding the counter data should also be implemented along with hiding the IP addresses.
Regards,
Jaskaran Veer Singh (jvsg) jvsg1303 at gmail dot com PGP 2814 3FB7 A32D 429B 092E 27F0 8AA3 C532 9E1A 6AD8
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev