On 9/3/13 5:59 AM, eliaz wrote:
On 9/2/2013 11:59 AM, Steve Snyder wrote:
On 09/02/2013 10:02 AM, Kostas Jakeliunas wrote:
Having this tool on an unencrypted HTTP site doesn't seem safe to me. Anybody can sniff the bridge IP addresses that users submit for reporting.
It may be different if someone compiles the program locally, but AFAICT no secrets are being divulged from the globe web page. From the page the details of no bridge can be found without knowing the name of the bridge in the first place; and if someone knows that she also know the other details. One doesn't have to go to the page to do a brute force attack.
Agreed, Globe doesn't divulge any secrets, mostly because Onionoo doesn't contain any secrets. All bridge data that Onionoo has is sanitized and doesn't contain sensitive information anymore.
At the same time globe is useful in helping lower-level bridge operators such as myself get a better sense of what the information windows in the browser bundle are actually telling us.
I agree.
If I'm wrong in any of the above, please do correct me.
No need to. Thanks for running a bridge!
Best, Karsten