[tor-bugs] #2988 [Tor Relay]: information disclosure: operating system and platform
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Nov 1 11:01:04 UTC 2011
#2988: information disclosure: operating system and platform
-----------------------+----------------------------------------------------
Reporter: tagnaq | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: unspecified
Component: Tor Relay | Version:
Keywords: | Parent:
Points: | Actualpoints:
-----------------------+----------------------------------------------------
Changes (by bastik):
* cc: bastik.public@… (added)
Comment:
I asked an IRC and got pointed here. "Failiol" described an attack on Tor
by compromising the systems that run the relays.
Whenever it would turn out that a certain OS is vulnerable to un-allowed
remote access, which won't be fixed for Vista because the company decides
so, an attack could find a vulnerable system that runs an relay.
As arma points out: "(...) fraction of capacity that's vulnerable, not
fraction of relays". That's true and important.
Whenever the Torproject collects this information to find out how well the
distribution is growing that's fine. It might be only the publishing of
this additional information that's not necessary.
As a Tor user I'd like to see to what Tor versions I connect, because I
could guess about it's privacy. It's also nice to see what OSs others are
using, but does not require to show so much details.
There's on more thing. It's still possible to guess about the "patching
state" by looking at the Tor version that are run by those systems. I
always like that openness about Tor, that I know which relays I might
connect to and what versions of Tor they run. That's truly another ticket,
don't really know if that would be problematical.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2988#comment:28>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list