Opened 10 years ago

Closed 2 years ago

#1248 closed defect (wontfix)

Tor bridges log their fingerprint during startup

Reported by: Sebastian
Owned by:
Priority: Low
Milestone: Tor: unspecified
Component: Core Tor/Tor
Version:
Severity: Normal
Keywords: tor-bridge
Cc: Sebastian, nickm, arma, phobos
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description (last modified by arma)

I think that behaviour should be changed to use safelogging here, because when
people share their notice level log, they reveal their bridge's fingerprint otherwise.

Will make a patch if people agree. Nick, Roger?

[Automatically added by flyspray2trac: Operating System: All]

Change History (12)

comment:1 Changed 10 years ago by nickm

Sure thing. We should make sure they don't log their own address either. (Not that they do, but I don't think we ever considered that "one's own address" would be sensitive.)

comment:2 Changed 9 years ago by arma

I disagree. People use that log line to figure out their bridge address, so they
can share it with people manually.

If you have Vidalia, it shows you a bridge address in the relay window.

But if you don't have Vidalia, how else are you supposed to learn the bridge address
to tell people?

comment:3 Changed 9 years ago by arma

Description: modified (diff)

Can I close as notabug, or do you still think this should change?

comment:4 Changed 9 years ago by Sebastian

Hm. What about the fingerprint file?

comment:5 Changed 9 years ago by nickm

What about it?

comment:6 Changed 9 years ago by nickm

Milestone: Tor: unspecified

(Moving this ticket into the "unspecified" milestone. Please move it out if we can figure out a course of action.)

comment:7 Changed 8 years ago by arma

Component: Tor Relay → Tor Bridge

comment:8 in reply to:  4 Changed 8 years ago by arma

Replying to Sebastian:

> Hm. What about the fingerprint file?

If you mean "what about the fingerprint file, can't they use the value in that to tell people their bridge address", then yes, but having two places they can look increases usability. Before we put it in the log too, some people were having troubles finding their datadir and then finding the file in it.

If you mean "what about the fingerprint file, that has a sensitive string in it too", then we should ask why we're writing the bridge's identity key to disk too.

comment:9 Changed 8 years ago by Sebastian

I meant the former, why not find the fingerprint in the fingerprint file. If this is for usability for bridge operators we should probably log "give this string to your friends who need a bridge: 'ip:port fp'"

comment:10 Changed 7 years ago by nickm

Keywords: tor-bridge added

comment:11 Changed 7 years ago by nickm

Component: Tor Bridge → Tor

comment:12 Changed 2 years ago by nickm

Cc: Sebastian,nickm,arma,phobos → Sebastian, nickm, arma, phobos
Resolution: None → wontfix
Severity: Normal
Status: new → closed
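
Since the ticket was closed wontfix, the fingerprint stays in the notice-level log, so the scrubbing has to happen on the operator's side before a log is shared. The following is an added example, not part of the ticket or of Tor's code: a small filter that replaces bridge fingerprints and IPv4 `ip:port` strings with the same `[scrubbed]` placeholder SafeLogging uses. The function name `scrub_log` and the sample log lines are constructed for illustration, and the two fingerprint layouts (40 contiguous hex digits, or ten groups of four) are an assumption about what may appear in a log.

```python
import re

# Same placeholder string Tor's SafeLogging prints for scrubbed values.
PLACEHOLDER = "[scrubbed]"

# Identity fingerprint: 40 hex digits, contiguous or as ten space-separated
# groups of four, optionally prefixed with "$". The trailing \b keeps longer
# hex strings (e.g. a 64-digit digest) from being partially matched.
FINGERPRINT = re.compile(
    r"\$?\b(?:[0-9A-Fa-f]{40}|(?:[0-9A-Fa-f]{4} ){9}[0-9A-Fa-f]{4})\b"
)

# IPv4 address with optional :port. A four-part version number written on
# its own also matches; over-redaction is acceptable for a shared log.
IPV4_ADDR = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?\b")


def scrub_log(text):
    """Return (scrubbed_text, fingerprints_removed, addresses_removed)."""
    # Fingerprints first, so a "ip:port fp" bridge line is fully covered.
    text, n_fp = FINGERPRINT.subn(PLACEHOLDER, text)
    text, n_addr = IPV4_ADDR.subn(PLACEHOLDER, text)
    return text, n_fp, n_addr


# Constructed sample input: wording, fingerprint and address are made up
# (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
Jan 01 12:00:00.000 [notice] Your Tor server's identity key fingerprint is 'Unnamed 0123 4567 89AB CDEF 0123 4567 89AB CDEF 0123 4567'
Jan 01 12:00:05.000 [notice] Now checking whether ORPort 192.0.2.10:443 is reachable...
Jan 01 12:01:00.000 [notice] bridge line: 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567
Jan 01 12:02:00.000 [notice] Bootstrapped 100%: Done.
"""

if __name__ == "__main__":
    scrubbed, n_fp, n_addr = scrub_log(SAMPLE_LOG)
    print(scrubbed, end="")
    print(f"# scrubbed {n_fp} fingerprint(s), {n_addr} address(es)")
```

The unscrubbed log and the fingerprint file in the data directory remain the operator's own source for the bridge address; only the copy that leaves the machine is filtered.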