[tor-bugs] #30499 [Metrics/Relay Search]: In Tor Metrics / Relay Search, users are able to enter the digital fingerprint of a bridge to run a successful search and display the data about that bridge, but the Relay Search page states, "If you are searching for a bridge, you will need to search by the hashed fingerprint. This prevents leaking the fingerprint of the bridge when searching."

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon May 13 23:14:27 UTC 2019 

#30499: In Tor Metrics / Relay Search, users are able to enter the digital
fingerprint of a bridge to run a successful search and display the data
about that bridge, but the Relay Search page states, "If you are searching
for a bridge, you will need to search by the hashed fingerprint. This
prevents leaking the fingerprint of the bridge when searching."
-------------------------------------+-------------------------------------
 Reporter:  monmire                  |          Owner:  metrics-team
     Type:  defect                   |         Status:  new
 Priority:  High                     |      Component:  Metrics/Relay
                                     |  Search
  Version:                           |       Severity:  Normal
 Keywords:  Relay-Search-accepts-    |  Actual Points:
  bridge-digital-signature issue     |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 At https://metrics.torproject.org/rs.html, the page contains the caveat,
 "If you are searching for a bridge, you will need to search by the hashed
 fingerprint. This prevents leaking the fingerprint of the bridge when
 searching."

 However, when users enter the //digital fingerprint// (not the //hashed
 fingerprint//) of the bridge in the Relay Search / Query bar, the search
 successfully will display data about the bridge.

 If Relay Search leaks bridge fingerprints when users use digital
 fingerprints (not hashed fingerprints) to run successful searches, we need
 to reconfigure Relay Search so that it will be restricted to using only
 hashed fingerprints to search for bridge data.

 Furthermore, the hashed fingerprint of a bridge must be made visible to
 the user by appearing in the //torrc// file, i.e., the //hashed
 fingerprint// is not visible and does not appear in the torrc file when
 using Tor Browser 8.0.8 on macOS Yosemite 10.10.5. Only the //digital
 fingerprint// is visible, appearing in the torrc file.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30499>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list