Safely collecting data to estimate the number of Tor users
Robert Ransom
rransom.8774 at gmail.com
Mon Aug 30 10:36:30 UTC 2010
On Mon, 30 Aug 2010 11:09:07 +0200
Karsten Loesing <karsten.loesing at gmx.net> wrote:
> c) Steven proposes to i) encrypt logs to a public key (or rather to a
> symmetric session key which is encrypted to a public key) and ii) to
> reduce IP address hashes in those logs to 40 bits. That means he's
> referring to problem 1) above. I think that i) is a good approach to
> move sensitive logs from an Internet host to a more secure place to run
> the evaluation on. I could imagine implementing this to be a general Tor
> feature, so that people who need verbose logs for debugging can encrypt
> them on their server and evaluate them on a safe machine.
Log encryption doesn't need to be a new feature in Tor. Tell Tor to log
to a file that just happens to be a Unix FIFO, and have an encryption
tool designed for the task read from the pipe and write to a real file.
> I'm slightly
> concerned that this could encourage people to log more than they need.
Using a pipe and a separate encryption tool has the advantage of being
rather more difficult (and annoying) to set up than adding one new line
to torrc. You can also glue on a chain of external log-sanitizing
filters (invocations of grep/sed, perhaps?) before the log is encrypted
that way.
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100830/10aa0a20/attachment.pgp>
More information about the tor-dev
mailing list