On Mon, Jul 17, 2017 at 07:54:14PM -0400, Ian Goldberg wrote:
Any chance you (i.e. a script) could replace the IP address with HASH(IP||salt) for a randomly chosen salt that you don't know, and which is deleted when the 30 minutes are up, before you get access to the log file?
See https://www.eff.org/policy#cryptolog for how EFF does something similar. It looks like they use 24 hour intervals, and they do this all the time, but hopefully their cryptolog tool will be helpful if we opt to use it for the short term. https://github.com/efforg/cryptolog
Also, teor's question about partial downloads is a really good one: there are many "download accelerators" out there that fetch the first 5 kbytes of the file or something and then stop and do it again, over and over. In theory our current logs should be able to help there, since it should log how many bytes were fetched.
And for those wondering about our current logging approach, see https://trac.torproject.org/projects/tor/ticket/20928 http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html https://anonscm.debian.org/cgit/mirror/dsa-puppet.git/tree/modules/apache2/f...
--Roger