[tor-talk] Any risk by showing traffic statistic on the DirFrontPage?
Nathaniel Suchy
nathanielsuchy at openmailbox.org
Sat Aug 27 22:14:43 UTC 2016
On 2016-08-27 11:12, Paul Syverson wrote:
> On Sat, Aug 27, 2016 at 02:15:37PM +0000, kristian at ovpn.se wrote:
>> Hello,
>
>> my company decided to start a Tor exit relay recently. We now want
>> to show some statistics on the DirFrontPage which we think people
>> will find interesting.
>> The statistic will only be basic and already public information such
>> as uptime and open ports, but also how much traffic the relay
>> currently is pushing through.
>> So I would like to ask if there's a big risk by exposing this
>> (traffic analysis attacks in mind here)?
>> If this is a bad idea, is there anything we can show on the
>> DirFrontPage about the relays current state without it being a risk?
>
> Thanks for both running an exit and for checking about posting of
> statistics. It is indeed tricky to do so safely. (And gathering of
> statistics: it is generally advisable to only gather those statistics
> you would be willing to make public.)
>
> These are fine questions to pose to the recently formed Tor Research
> Safety Board. https://research.torproject.org/safetyboard.html
> The board is mainly to provide guidelines and feedback to those doing
> research on Tor, but it clearly is relevant to people like you,
> who want to make data available to others who might do research.
>
> As you noted, realtime updates and or even later postings of
> temporally fine-grained numbers could be too revealing for even
> after-the-fact traffic correlation.
> First of all look at the guidelines
> https://research.torproject.org/safetyboard.html#guidelines
>
> Assuming you have done so, I suggest you put together a brief
> description of what exactly you plan to collect and what your process
> will be (e.g. how and for how long will any raw data be held for
> incorporation into statistics before being deleted, especially if this
> is much longer than circuit lifetime). Then submit this to the board.
> Right now a board contact address has not been set up so it's just
> listed as Roger, but you can also reply to me for this one since I
> think if you send to him right now it may not go out to the board for
> at least several weeks.
>
> aloha,
> Paul
As previously mentioned I'd recommend putting a 72 hour delay on stats.
Also just post some information. Don't be too revealing. Just list the
amount of traffic (round the number) and leave it at that.
--
Thank you for reading,
Nathaniel Suchy
Fingerprint=490F 1103 B770 BE69 D4CF 20AC CE75 4786 622D 8ED5
(http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xCE754786622D8ED5)
More information about the tor-talk
mailing list