[tor-dev] next globe update feedback

Karsten Loesing karsten at torproject.org
Mon Nov 18 07:56:49 UTC 2013

On 11/8/13 2:59 AM, Matthew Finkel wrote:
> On Thu, Nov 07, 2013 at 03:33:23PM -0500, me at rndm.de wrote:
>> I also added relay family links. While working on this feature I noticed 
>> that the onionoo family field can return fingerprints of bridges.
>> I modified the way the relay details route works and now it checks if 
>> the api returns a valid relay. If this isn't the case it checks for a 
>> bridge and redirects to its detail page.
>> (for example "TorLand2" has a bridge in its family members field and 
>> clicking on the fingerprint throws an error on atlas)
>> If this behavior is wrong or something is missing just tell me.
> Well, that's one place I didn't think to look for leaking bridge
> fingerprints. At this point there is no way to retrieve a bridge's IP
> address and port number using its fingerprint, right? And, considering the
> default torrc does say: "However, you should never include a bridge's
> fingerprint here, as it would break its concealability and potentionally
> reveal its IP/TCP address." I really don't know how else to prevent
> this. Onionoo could do extra processing to prevent leaking these
> bridges, but I'm not sure that's a good way to do it.

Onionoo does not sanitize any information from relay or bridge
descriptors.  Onionoo processes publicly available information from
metrics, so whatever is sensitive in there is already available to
whoever wants to use it.  Onionoo only makes it more convenient for
people to use this information.

Metrics does not sanitize relay descriptors, only bridge descriptors.
Whatever people put in their relay configuration and that goes into
relay descriptors will be made public.

> On another note, globe looks awesome! Thanks you!

Very true.  Thanks, Christian!

All the best,

More information about the tor-dev mailing list