[tor-bugs] #30499 [Metrics/Relay Search]: In Tor Metrics / Relay Search, users are able to enter the digital fingerprint of a bridge to run a successful search and display the data about that bridge, but the Relay Search page states, "If you are searching for a bridge, you will need to search by the hashed fingerprint. This prevents leaking the fingerprint of the bridge when searching."

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jun 5 12:22:55 UTC 2019


#30499: In Tor Metrics / Relay Search, users are able to enter the digital
fingerprint of a bridge to run a successful search and display the data
about that bridge, but the Relay Search page states, "If you are searching
for a bridge, you will need to search by the hashed fingerprint. This
prevents leaking the fingerprint of the bridge when searching."
----------------------------------+------------------------------
 Reporter:  monmire               |          Owner:  metrics-team
     Type:  defect                |         Status:  closed
 Priority:  Medium                |      Milestone:
Component:  Metrics/Relay Search  |        Version:
 Severity:  Normal                |     Resolution:  not a bug
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+------------------------------
Changes (by irl):

 * keywords:  Relay-Search-accepts-bridge-digital-signature issue =>
 * priority:  High => Medium
 * status:  new => closed
 * resolution:   => not a bug


Comment:

 If a user is going to type in a non-hashed bridge fingerprint, or any
 other secret, then there's not much we can do to stop them.

 Relay Search actually does hash fingerprints before looking them up, so
 even searching for a non-hashed fingerprint doesn't actually send that
 fingerprint to the server.

 Regarding the torrc thing, perhaps we can add comments to the file with
 the relay search links. This wouldn't be a problem with relay search
 though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30499#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
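
The client-side hashing described in the comment above, as an added example that is not part of the original message and is not Relay Search's own code. It assumes the hashed fingerprint is the SHA-1 digest of the 20 decoded fingerprint bytes and that the lookup uses Onionoo's `lookup` parameter; the function names and the sample fingerprint are constructed for illustration.

```javascript
// Added example: derive the hashed fingerprint locally so that only the hash
// appears in the lookup request. Not taken from Relay Search.
const { createHash } = require('node:crypto');

// Normalise what a user might paste: optional "$" prefix, spaces, mixed case.
function normalizeFingerprint(input) {
  const hex = String(input)
    .trim()
    .replace(/^\$/, '')
    .replace(/\s+/g, '')
    .toUpperCase();
  if (!/^[0-9A-F]{40}$/.test(hex)) {
    throw new Error('fingerprint must be 40 hex characters (20 bytes)');
  }
  return hex;
}

// SHA-1 over the 20 decoded bytes, not over the 40-character hex string.
// Hashing the text form instead would give a different digest that matches nothing.
function hashFingerprint(input) {
  const raw = Buffer.from(normalizeFingerprint(input), 'hex');
  return createHash('sha1').update(raw).digest('hex').toUpperCase();
}

// The only fingerprint-derived value placed in the request (assumed parameter
// name: Onionoo's "lookup").
function lookupQuery(input) {
  return 'lookup=' + hashFingerprint(input);
}

// Constructed sample value, not a real bridge fingerprint.
const SAMPLE_FINGERPRINT = '0123456789ABCDEF0123456789ABCDEF01234567';

console.log(lookupQuery('$0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'));
```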

