[tor-dev] next globe update feedback

Matthew Finkel matthew.finkel at gmail.com
Fri Nov 8 01:59:55 UTC 2013

On Thu, Nov 07, 2013 at 03:33:23PM -0500, me at rndm.de wrote:
> > 
> > If there isn't anything wrong, I will release it to the regular globe 
> > url.
> I deployed the latest globe version on http://globe.rndm.de/ .
> The jshint code quality check was replaced with latest eslint version 
> that works without jshint.
> Aside from the already mentioned changes I fixed the bridge/relay detail 
> page if no detail document was found.
> I also added relay family links. While working on this feature I noticed 
> that the onionoo family field can return fingerprints of bridges.
> I modified the way the relay details route works and now it checks if 
> the api returns a valid relay. If this isn't the case it checks for a 
> bridge and redirects to its detail page.
> (for example "TorLand2" has a bridge in its family members field and 
> clicking on the fingerprint throws an error on atlas)
> If this behavior is wrong or something is missing just tell me.

Well, that's one place I didn't think to look for leaking bridge
fingerprints. At this point there is no way to retrieve a bridge's IP
address and port number using its fingerprint, right? And, considering the
default torrc does say: "However, you should never include a bridge's
fingerprint here, as it would break its concealability and potentionally
reveal its IP/TCP address." I really don't know how else to prevent
this. Onionoo could do extra processing to prevent leaking these
bridges, but I'm not sure that's a good way to do it.

On another note, globe looks awesome! Thanks you!

More information about the tor-dev mailing list