Publishing sanitized bridge pool assignments

Robert Ransom rransom.8774 at
Fri Feb 4 07:19:31 UTC 2011

On Wed, 2 Feb 2011 16:08:51 +0100
Karsten Loesing <karsten.loesing at> wrote:

> On Wed, Feb 02, 2011 at 03:50:25PM +0100, Karsten Loesing wrote:
> > Your call.  If you think adding a secret X is important here, we can
> > change the process.  Note that this change affects all published sanitized
> > bridge descriptors, because they contain these hashed fingerprints, too.
> > We should be consistent with the fingerprints we put into bridge pool
> > assignments and bridge descriptors.  That doesn't exactly make this a
> > cheap change, because I'll have to sanitize two years of descriptors
> > again.  But if it's important, I can do it.
> Argh!  There's one major problem about adding a secret X.  We're comparing
> hashed bridge identites to hashed relay identities to exclude bridges that
> have been running as relays from the bridge usage statistics.  The reason
> is that bridges that have been running as relays before report much higher
> user numbers than other bridges, which are very likely direct Tor users.
> If we now include a secret X in the sanitizing process, we'd either have
> to include the same secret in the calculation of bridge usage statistics,
> or we wouldn't be able to remove former relays.  I really want to avoid
> the former, because we're trying to only make use of data for statistics
> that we're giving out to everyone.  And the latter would make our bridge
> usage statistics useless.
> So, I'm afraid we cannot include a secret X easily. :(

Publish lists of relay identities sanitized using the same function
used to sanitize bridge identities.

Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: not available
URL: <>

More information about the tor-dev mailing list