[tor-talk] Any risk by showing traffic statistic on the DirFrontPage?

Nathaniel Suchy nathanielsuchy at openmailbox.org
Sat Aug 27 22:14:43 UTC 2016


On 2016-08-27 11:12, Paul Syverson wrote:
> On Sat, Aug 27, 2016 at 02:15:37PM +0000, kristian at ovpn.se wrote:
>> Hello,
> 
>> my company decided to start a Tor exit relay recently. We now want
>> to show some statistics on the DirFrontPage which we think people
>> will find interesting.
>> The statistic will only be basic and already public information such
>> as uptime and open ports, but also how much traffic the relay
>> currently is pushing through.
>> So I would like to ask if there's a big risk by exposing this
>> (traffic analysis attacks in mind here)?
>> If this is a bad idea, is there anything we can show on the
>> DirFrontPage about the relays current state without it being a risk?
> 
> Thanks for both running an exit and for checking about posting of
> statistics.  It is indeed tricky to do so safely. (And gathering of
> statistics: it is generally advisable to only gather those statistics
> you would be willing to make public.)
> 
> These are fine questions to pose to the recently formed Tor Research
> Safety Board.  https://research.torproject.org/safetyboard.html
> The board is mainly to provide guidelines and feedback to those doing
> research on Tor, but it clearly is relevant to people like you,
> who want to make data available to others who might do research.
> 
> As you noted, realtime updates and or even later postings of
> temporally fine-grained numbers could be too revealing for even
> after-the-fact traffic correlation.
> First of all look at the guidelines
> https://research.torproject.org/safetyboard.html#guidelines
> 
> Assuming you have done so, I suggest you put together a brief
> description of what exactly you plan to collect and what your process
> will be (e.g. how and for how long will any raw data be held for
> incorporation into statistics before being deleted, especially if this
> is much longer than circuit lifetime). Then submit this to the board.
> Right now a board contact address has not been set up so it's just
> listed as Roger, but you can also reply to me for this one since I
> think if you send to him right now it may not go out to the board for
> at least several weeks.
> 
> aloha,
> Paul

As previously mentioned I'd recommend putting a 72 hour delay on stats. 
Also just post some information. Don't be too revealing. Just list the 
amount of traffic (round the number) and leave it at that.

-- 
Thank you for reading,
Nathaniel Suchy
Fingerprint=490F 1103 B770 BE69 D4CF  20AC CE75 4786 622D 8ED5 
(http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCE754786622D8ED5)


More information about the tor-talk mailing list