[tor-bugs] #31291 [Core Tor/Tor]: non-public relay health metrics for operators

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 29 13:36:20 UTC 2019 

#31291: non-public relay health metrics for operators
----------------------------+------------------------
 Reporter:  nusenu          |          Owner:  (none)
     Type:  enhancement     |         Status:  new
 Priority:  Medium          |      Milestone:
Component:  Core Tor/Tor    |        Version:
 Severity:  Normal          |     Resolution:
 Keywords:  network-health  |  Actual Points:
Parent ID:                  |         Points:
 Reviewer:                  |        Sponsor:
----------------------------+------------------------

Comment (by irl):

 I have argued against this before, and I will continue to do so. These
 metrics are not of use to individual relay operators. The average operator
 will not know what these things mean. Currently these are written to log
 files, if that is enabled, which by default it is not in Debian at least.

 Providing network access to these values could allow for deanonymisation
 attacks, especially at the intervals with which Prometheus is expecting
 updates.

 If you really wanted to do this, write something that parses Tor logs for
 the heartbeat messages and have an HTTP endpoint on that, but it should
 not be something that is generally used, only in test networks or for
 short term debugging.

 If you capture information and store it on disk then that information is
 legally discoverable which means you can be compelled to hand it over, or
 face consequences for not handing it over. If there is an expectation that
 most operators collect this data then you can cause problems for the
 operators that collect no logs, because it's harder to prove that you
 don't have something than that you have it.

 Instead of monitoring individual relays, we monitor the wider network
 using collected metrics. Once PrivCount is deployed we will have network
 wide aggregates (safely) for all of the heartbeat metrics and be able to
 see anomalies there.

 I would be interested in something that worked only on extra info stats
 though. We have already determined it is safe to collect those stats for
 individual relays and safe to publish them.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31291#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list