[tor-relays] onionoo

[eliaz]

On 9/2/2013 11:59 AM, Steve Snyder wrote:
> On 09/02/2013 10:02 AM, Kostas Jakeliunas wrote:
>> [1]: http://globe.rndm.de/
> 
> Having this tool on an unencrypted HTTP site doesn't seem safe to me.
> Anybody can sniff the bridge IP addresses that users submit for reporting.

It may be different if someone compiles the program locally, but AFAICT
no secrets are being divulged from the globe web page.  From the page
the details of no bridge can be found without knowing the name of the
bridge in the first place; and if someone knows that she also know the
other details. One doesn't have to go to the page to do a brute force
attack.

At the same time globe is useful in helping lower-level bridge operators
such as myself get a better sense of what the information windows in the
browser bundle are actually telling us.

If I'm wrong in any of the above, please do correct me.

eliaz
gpg: 0x63D01EC6