[tor-bugs] #15254 [Tor]: Enable hidden-service statistics by default

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 23 09:59:26 UTC 2015 

#15254: Enable hidden-service statistics by default
-------------------------+-------------------------------------------------
     Reporter:  dgoulet  |      Owner:
         Type:           |     Status:  reopened
  enhancement            |  Milestone:  Tor: 0.2.7.x-final
     Priority:  major    |    Version:
    Component:  Tor      |   Keywords:  SponsorR tor-hs stats
   Resolution:           |  TorCoreTeam201509 PostFreeze027
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arma):

 Replying to [comment:13 cypherpunks]:
 > As evidenced by the the fact that very few relays have these enabled,
 the vast majority of relay operators are either unaware of these
 statistics, or having been made aware of them, have chosen not to enable
 them.

 The vast majority of relay operators are unaware of the statistics. I
 could go to tor-relays and ask people to add the config lines to their
 torrc, and enough would, for a while. That's how we got the stats that we
 have so far. But that approach is not scalable, especially when we could
 just give them a reasonable default.

 > There is no benefit to the users on whom the statistics are being
 collected

 I think asn clearly described benefits. Users have already benefited
 greatly, in that the IETF decision to reserve .onion took these two stats
 into account, and we've averted several further terrible (and inaccurate)
 news stories. Those are great arguments to me.

 > The existing bandwidth statistics are already dangerous in terms of
 guard discovery (#13988) and combining them with the statistics in this
 ticket enables easier attacks.

 Like what? I know there's always the risk of attacks that we haven't
 thought of, but here there are concrete upsides, and a bunch of smart
 people who have thought about the issue and think it'll be fine. We're in
 much better shape here than we are in a lot of other areas of Tor (since
 there's so much to cover, and it's so complex, and there aren't enough
 smart people to go around).

 > There is no kind of privacy policy to notify users, as is required by
 (at least) EU law.

 I'm sorry, but this part is just nonsense. I'm a fan of doing the right
 thing for ethical and moral reasons, but inaccurately pointing to laws
 doesn't help things here.

 > Finally, it hasn't been publicly explained anywhere what benefit, if
 any, there is to anyone, even DARPA, of increasing the precision of these
 statistics. What purpose are the current measurements from a limited
 number of relays are too noisy for, that less noisy ones won't be?

 I think asn answered this one well too -- the 1% threshold is a lower
 bound below which we know the extrapolations are garbage. I think his
 intuition is spot-on that when we extrapolate from 1.1%, we're very close
 to the point where we shouldn't trust the results.

 (Also, indeed, Darpa is not pushing us about the precision here, just as
 they didn't actively push us about the stats in the first place. We
 decided that these are two stats that would be useful, and we convinced
 some of the funders that they would be useful and not harmful, and we
 turned out to be right so far.)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15254#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list