Publishing sanitized bridge pool assignments
Robert Ransom
rransom.8774 at gmail.com
Fri Feb 4 07:19:31 UTC 2011
On Wed, 2 Feb 2011 16:08:51 +0100
Karsten Loesing <karsten.loesing at gmx.net> wrote:
> On Wed, Feb 02, 2011 at 03:50:25PM +0100, Karsten Loesing wrote:
> > Your call. If you think adding a secret X is important here, we can
> > change the process. Note that this change affects all published sanitized
> > bridge descriptors, because they contain these hashed fingerprints, too.
> > We should be consistent with the fingerprints we put into bridge pool
> > assignments and bridge descriptors. That doesn't exactly make this a
> > cheap change, because I'll have to sanitize two years of descriptors
> > again. But if it's important, I can do it.
>
> Argh! There's one major problem about adding a secret X. We're comparing
> hashed bridge identites to hashed relay identities to exclude bridges that
> have been running as relays from the bridge usage statistics. The reason
> is that bridges that have been running as relays before report much higher
> user numbers than other bridges, which are very likely direct Tor users.
>
> If we now include a secret X in the sanitizing process, we'd either have
> to include the same secret in the calculation of bridge usage statistics,
> or we wouldn't be able to remove former relays. I really want to avoid
> the former, because we're trying to only make use of data for statistics
> that we're giving out to everyone. And the latter would make our bridge
> usage statistics useless.
>
> So, I'm afraid we cannot include a secret X easily. :(
Publish lists of relay identities sanitized using the same function
used to sanitize bridge identities.
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20110203/e39acc36/attachment.pgp>
More information about the tor-dev
mailing list