[tor-dev] next globe update feedback
Matthew Finkel
matthew.finkel at gmail.com
Fri Nov 8 01:59:55 UTC 2013
On Thu, Nov 07, 2013 at 03:33:23PM -0500, me at rndm.de wrote:
> >
> > If there isn't anything wrong, I will release it to the regular globe
> > url.
>
> I deployed the latest globe version on http://globe.rndm.de/ .
>
> The jshint code quality check was replaced with latest eslint version
> that works without jshint.
> Aside from the already mentioned changes I fixed the bridge/relay detail
> page if no detail document was found.
>
> I also added relay family links. While working on this feature I noticed
> that the onionoo family field can return fingerprints of bridges.
> I modified the way the relay details route works and now it checks if
> the api returns a valid relay. If this isn't the case it checks for a
> bridge and redirects to its detail page.
> (for example "TorLand2" has a bridge in its family members field and
> clicking on the fingerprint throws an error on atlas)
>
> If this behavior is wrong or something is missing just tell me.
Well, that's one place I didn't think to look for leaking bridge
fingerprints. At this point there is no way to retrieve a bridge's IP
address and port number using its fingerprint, right? And, considering the
default torrc does say: "However, you should never include a bridge's
fingerprint here, as it would break its concealability and potentionally
reveal its IP/TCP address." I really don't know how else to prevent
this. Onionoo could do extra processing to prevent leaking these
bridges, but I'm not sure that's a good way to do it.
On another note, globe looks awesome! Thanks you!
More information about the tor-dev
mailing list