On 11/8/13 2:59 AM, Matthew Finkel wrote:
> On Thu, Nov 07, 2013 at 03:33:23PM -0500, me@rndm.de wrote:
>> I also added relay family links. While working on this feature I noticed that the onionoo family field can return fingerprints of bridges. I modified the way the relay details route works and now it checks if the api returns a valid relay. If this isn't the case it checks for a bridge and redirects to its detail page. (for example "TorLand2" has a bridge in its family members field and clicking on the fingerprint throws an error on atlas)
>> If this behavior is wrong or something is missing just tell me.
>
> Well, that's one place I didn't think to look for leaking bridge fingerprints. At this point there is no way to retrieve a bridge's IP address and port number using its fingerprint, right? And, considering the default torrc does say: "However, you should never include a bridge's fingerprint here, as it would break its concealability and potentionally reveal its IP/TCP address." I really don't know how else to prevent this. Onionoo could do extra processing to prevent leaking these bridges, but I'm not sure that's a good way to do it.

Onionoo does not sanitize any information from relay or bridge descriptors. Onionoo processes publicly available information from metrics, so whatever is sensitive in there is already available to whoever wants to use it. Onionoo only makes it more convenient for people to use this information.

Metrics does not sanitize relay descriptors, only bridge descriptors. Whatever people put in their relay configuration and that goes into relay descriptors will be made public.

> On another note, globe looks awesome! Thank you!

Very true. Thanks, Christian!

All the best,
Karsten
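
The torrc warning quoted in the thread can be checked on the operator's side before a relay descriptor is ever published. The following is an added example, not code from the thread or from Tor, Onionoo or Globe: it scans a torrc for `MyFamily` members that match the operator's own bridge fingerprints. The function names are hypothetical, the fingerprints and torrc are constructed sample data, and backslash line continuations are not handled.

```python
import re

# 40 hex digits, optional leading "$", optional "=nickname" or "~nickname" suffix.
FP_RE = re.compile(r"^\$?([0-9A-Fa-f]{40})(?:[=~].*)?$")

def normalize(fp):
    """Return the bare upper-case fingerprint, or None if fp is not one."""
    m = FP_RE.match(fp.replace(" ", ""))
    return m.group(1).upper() if m else None

def myfamily_entries(torrc_text):
    """Yield (line_no, entry) for every member listed on a MyFamily line."""
    for line_no, raw in enumerate(torrc_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        # torrc option names are case-insensitive
        if len(parts) == 2 and parts[0].lower() == "myfamily":
            for entry in parts[1].split(","):
                if entry.strip():
                    yield line_no, entry.strip()

def leaked_bridges(torrc_text, own_bridge_fps):
    """List (line_no, fingerprint) for own bridges named in MyFamily."""
    own = {normalize(fp) for fp in own_bridge_fps} - {None}
    hits = []
    for line_no, entry in myfamily_entries(torrc_text):
        fp = normalize(entry)
        if fp in own:
            hits.append((line_no, fp))
    return hits

# Constructed sample data (not real relays or bridges).
RELAY_FP = "A" * 40
BRIDGE_FP = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_TORRC = f"""Nickname examplerelay
ORPort 9001
# MyFamily ${BRIDGE_FP}   (commented out, ignored)
MyFamily ${RELAY_FP}, ${BRIDGE_FP.lower()}=mybridge
"""

if __name__ == "__main__":
    for line_no, fp in leaked_bridges(SAMPLE_TORRC, [BRIDGE_FP]):
        print(f"torrc line {line_no}: MyFamily lists own bridge {fp}")
```

Entries that are plain nicknames are skipped, since they cannot be compared against a fingerprint list.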