[tor-project] Plan to double-check Tor Browser initial download numbers

Roger Dingledine arma at mit.edu
Tue Jul 18 01:41:40 UTC 2017


On Mon, Jul 17, 2017 at 07:54:14PM -0400, Ian Goldberg wrote:
> Any chance you (i.e. a script) could replace the IP address with
> HASH(IP||salt) for a randomly chosen salt that you don't know, and which
> is deleted when the 30 minutes are up, before you get access to the log
> file?

See https://www.eff.org/policy#cryptolog for how EFF does something
similar. It looks like they use 24 hour intervals, and they do this all
the time, but hopefully their cryptolog tool will be helpful if we opt
to use it for the short term.
https://github.com/efforg/cryptolog

Also, teor's question about partial downloads is a really good one:
there are many "download accelerators" out there that fetch the first 5
kbytes of the file or something and then stop and do it again, over and
over. In theory our current logs should be able to help there, since it
should log how many bytes were fetched.

And for those wondering about our current logging approach, see
https://trac.torproject.org/projects/tor/ticket/20928
http://lists.spi-inc.org/pipermail/spi-general/2016-December/003645.html
https://anonscm.debian.org/cgit/mirror/dsa-puppet.git/tree/modules/apache2/files/logformat-privacy

--Roger



More information about the tor-project mailing list