[tor-bugs] #7435 [Ooni]: Devise strategy for getting inputs to the users that want to run tests

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 12 18:20:34 UTC 2012 

#7435: Devise strategy for getting inputs to the users that want to run tests
---------------------------+------------------------------------------------
 Reporter:  hellais        |          Owner:  hellais
     Type:  task           |         Status:  new    
 Priority:  normal         |      Milestone:         
Component:  Ooni           |        Version:         
 Keywords:  ooni_research  |         Parent:         
   Points:                 |   Actualpoints:         
---------------------------+------------------------------------------------

Comment(by jonmtoz):

 Should the lists be crowdsourced and open to the public? I think doing so
 could have serious negative ramifications: If anyone can add any url to a
 list, an attacker can set up a honeypot, post the url to the publicly
 available url list, wait for probers to connect to the honeypot, and then
 target them.  An adversary capable of observing the internet connections
 of an entire country can perform a passive attack by simply reading the
 entire input list and then targeting probers from its own country, since
 they will be identifiable for making all of these connections in a short
 period of time. Some alternatives to having publicly modifiable lists that
 are available to everyone could be:

 1.  Allowing only members of the Tor Project to modify a list (this might
 make liability more of an issue but will improve prober safety).

 2. Restricting the amount of items on the list that can be seen by one
 person.  This can be done by using the same strategies used in the
 distribution of Tor bridges, such as rate limiting through CAPTCHAs in
 order to prevent an attacker from learning what exactly a prober will do.
 The same technique might also be able to be used to create crowdsourced
 lists of keywords and URLs since it mitigates the danger that an attacker
 can modify the lists sufficiently enough to expose scanners.

 It might be best for there to be multiple lists each with different known
 degrees of risk, since one probing in Germany faces far less of a risk by
 using a crowdsourced list than someone in Syria.  Maybe this should be
 taken into account if there are different lists for different countries
 and languages.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7435#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list