Safely collecting data to estimate the number of Tor users

[Robert Ransom]

On Mon, 30 Aug 2010 11:09:07 +0200
Karsten Loesing <karsten.loesing at gmx.net> wrote:

> c) Steven proposes to i) encrypt logs to a public key (or rather to a
> symmetric session key which is encrypted to a public key) and ii) to
> reduce IP address hashes in those logs to 40 bits. That means he's
> referring to problem 1) above. I think that i) is a good approach to
> move sensitive logs from an Internet host to a more secure place to run
> the evaluation on. I could imagine implementing this to be a general Tor
> feature, so that people who need verbose logs for debugging can encrypt
> them on their server and evaluate them on a safe machine.

Log encryption doesn't need to be a new feature in Tor. Tell Tor to log
to a file that just happens to be a Unix FIFO, and have an encryption
tool designed for the task read from the pipe and write to a real file.

>                                                           I'm slightly
> concerned that this could encourage people to log more than they need.

Using a pipe and a separate encryption tool has the advantage of being
rather more difficult (and annoying) to set up than adding one new line
to torrc.  You can also glue on a chain of external log-sanitizing
filters (invocations of grep/sed, perhaps?) before the log is encrypted
that way.


Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100830/10aa0a20/attachment.pgp>