Opened 3 years ago

Last modified 22 months ago

#20983 new enhancement

Stop sanitizing contact information from bridge descriptors

Reported by: cypherpunks Owned by: metrics-team
Priority: Medium Milestone:
Component: Metrics/CollecTor Version:
Severity: Normal Keywords: metrics-2018
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

context:
https://lists.torproject.org/pipermail/tor-dev/2016-December/011756.html

Why does CollecTor remove ContactInfo from bridge descriptors?
Publishing the ContactInfo should not (directly) reveal the bridge location?

use-case for that data:
bridge group detection

If plain publishing is not acceptable how about generating a random string replacement for a given ContactInfo string.
https://lists.torproject.org/pipermail/tor-dev/2016-December/011761.html

That mapping contactInfo -> random id should remain static for at least 24 hours.

Child Tickets

Change History (10)

comment:1 Changed 3 years ago by cypherpunks

Summary: ContactInfo information (less sanitization)bridge ContactInfo information (less sanitization)

comment:2 Changed 3 years ago by iwakeh

Background info also here: dev-ml thread.

comment:3 Changed 3 years ago by karsten

#9854 is also quite relevant here, despite the fact that it's already closed. It contains a lot of background.

We should consider doing this (stop sanitizing contact information from bridge descriptors) when we reprocess the bridge descriptor archive the next time.

comment:4 Changed 3 years ago by karsten

Minor remark: OnionTip (now TorTip) would be able to use bridge contact information to list bridges and distribute bitcoins to bridge operators. Not sure if that helps a lot, but it's another reason to do it. (Not saying there are no reasons against it, but let's collect all reasons before we decide.)

comment:5 Changed 3 years ago by cypherpunks

After looking at the spec
https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt#n55

I noticed that the bridge descriptor does not even contain contactinfo?

So it is not there and can not be published?

comment:6 in reply to:  5 Changed 3 years ago by karsten

Replying to cypherpunks:

After looking at the spec
https://gitweb.torproject.org/torspec.git/tree/bridgedb-spec.txt#n55

I noticed that the bridge descriptor does not even contain contactinfo?

So it is not there and can not be published?

That's not the bridge descriptor specification, it's the BridgeDB specification. BridgeDB is a bridge distribution service. Bridge descriptors are produced by the Tor daemon just like relay descriptors. They do contain contact information.

comment:7 Changed 2 years ago by karsten

Summary: bridge ContactInfo information (less sanitization)Stop sanitizing contact information from bridge descriptors

Tweak the summary a bit.

FWIW, there's now a specification for sanitized bridge descriptors.

comment:8 Changed 2 years ago by karsten

Keywords: metrics-2018 added

comment:9 Changed 2 years ago by karsten

Keywords: metrics-2017 added; metrics-2018 removed

comment:10 Changed 22 months ago by iwakeh

Keywords: metrics-2018 added; metrics-2017 removed

Will be completed in 2018.

Note: See TracTickets for help on using tickets.