[tor-dev] GSoC: Implement consensus diffs

Daniel Martí mvdan at mvdan.cc
Tue Apr 22 18:28:35 UTC 2014

On Tue, Apr 22, 2014 at 11:10:27 -0400, Ian Goldberg wrote:
> The proposal (140) doesn't appear to discuss the client
> fingerprintability aspect of this: they reveal the last time they used
> Tor (if recentish).  Say you're a mobile client that gets a dynamic IP
> address.  With this, you reveal that you probably aren't or maybe are
> the same person that was last seen over there at that particular time.
> What are the implications here?

As far as I understand, Tor clients fetch the consensus documents from a
random authority at first, and then from caches at somewhat random times
- reading from [0] at section 5.1.

Since it starts using caches and building circuits after fetching the
first consensus from an authority, I don't see how anyone could identify
a client.

Sure, a cache will know for how long has a client been disconnecten when
it asks for a diff starting at e.g. yesterday. But was it that same
cache who gave it the previous diff? Or are you talking about regular
traffic too?

I might have not understood you well - if that's the case, please
explain with a bit more of detail.

Anyway, downloading the entire consensus file from either an authority
or a cache will always be possible, if that's what you are concerned
about. But we want diffs to be usable in a secure manner just like
entire consensuses are.

[0] https://gitweb.torproject.org/torspec.git/blob/refs/heads/master:/dir-spec.txt

Daniel Martí - mvdan at mvdan.cc - http://mvdan.cc/
PGP: A9DA 13CD F7A1 4ACD D3DE  E530 F4CA FFDB 4348 041C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140422/c2944b30/attachment.sig>

More information about the tor-dev mailing list