[tor-dev] Anonymous Local Count Statistics Using PCSA - GSoC

samir menon menon.samir at gmail.com
Sat Apr 1 18:48:22 UTC 2017 

Aaron,

I think Jaskaran explained it well - basically, we compute statistics
other than requests per country, and one of those stats is unique
clients, which we can use PCSA for. The
`format_client_stats_heartbeat` function in `/src/or/geoip.c` is where
we actually compute the unique clients and log that in the heartbeat
message.

I think perhaps my proposal doesn't make clear that this PCSA change
is in addition to other methods of getting IP's out of memory - I will
try to update it to emphasize this. I also will do more research on
the 'fuzzing' of country counts, and I will definitely contact Karsten
Loesing.

Thanks,
~Samir Menon

On Sat, Apr 1, 2017 at 11:41 AM, Jaskaran Singh <jvsg1303 at gmail.com> wrote:
> Hi Aaron,
>
> These statistics not just tell about the user's country but also keep a
> track of unique IP addresses connecting from each country. This is
> needed so as to present more realistic stats. If we increment counter on
> any IP address instead of unique IP address then the statistics would
> also reflect  user(s) connecting again and again. If we don't count
> Unique IPs, we would have stats about per country usage rather than per
> country users. We could do much better and implement a way(as described
> by the OP of thread) that counts unique IPs at the same time preserves
> privacy.
>
> And for your second point about hiding the actual counter from
> adversary, I agree that this can potentially de-anonymize a client.
> An adversary (let's say the government of some small, less populous
> country) could try to fingerprint the traffic of it's target(s) and
> later correlate it with the data we publish on the metrics site. This
> attack could work very well for countries where the Tor users can be
> counted on fingers. So, I believe hiding the counter data should also be
> implemented along with hiding the IP addresses.
>
> Regards,
> --
> Jaskaran Veer Singh (jvsg)
> jvsg1303 at gmail dot com
> PGP 2814 3FB7 A32D 429B 092E 27F0 8AA3 C532 9E1A 6AD8
>
> _______________________________________________
> tor-dev mailing list
> tor-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

More information about the tor-dev mailing list