Opened 4 months ago

Last modified 4 months ago

#30768 new enhancement

Add hashed fingerprints to torrc when configuring bridges

Reported by: irl
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc: mcs, brade
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: Sponsor30-can

Description

Context: #30499

Can we add comments to each bridge line containing the hashed fingerprint that could be used to look up bridges on Relay Search without leaking the fingerprints of the bridges?

Perhaps there is somewhere else in the UI that it would make sense to do this too.

This could be either a complete Relay Search link or just a hashed fingerprint.

Change History (3)

comment:1 Changed 4 months ago by pili

Sponsor: Sponsor30-can

Marking as a potential S30 ticket

comment:2 Changed 4 months ago by irl

As a sponsor got added here, I'll add a comment on priority for this.

Most users are not going to go looking in their torrc file for bridge fingerprints to go and look up bridges on Relay Search. Of the ones that do get the fingerprint out, they may try and use other tools like torstatus to look up the fingerprint.

Relay Search will hash the fingerprint before sending any request, so bridge lookups in Onionoo are actually double-hashed, but other tools might not do this. Leaking a non-hashed fingerprint can leak the location of the bridge in some cases.

So I think this is a low-probability risk, but with higher impact as a single user might burn a bridge. There may be other places that users get fingerprints from (e.g. BridgeDB/moat) where we should be adding hashed fingerprints too.

comment:3 Changed 4 months ago by gk

Cc: mcs brade added

I am not sure about the torrc feature as I think we don't do anything here but let tor do all the "write-things-to-torrc"-magic. If I am right about that I am somewhat skeptical about implementing the torrc feature in the browser.

That said, yes, we could improve the situation somewhere else (first/instead) that is more in browser scope like on the circuit display. Sounds like a good idea to me.
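
The annotation requested in the ticket description, sketched as an added example; it is not part of the ticket and not Tor Browser or tor code. It assumes the hashed fingerprint is the SHA-1 digest of the hex-decoded fingerprint; the function names and the comment wording are hypothetical, and the sample torrc is constructed.

```python
import hashlib
import re

# A fingerprint is 20 bytes, written as 40 hex characters.
FP_RE = re.compile(r"^[0-9A-Fa-f]{40}$")


def hashed_fingerprint(fp_hex):
    """SHA-1 over the binary (hex-decoded) fingerprint, as uppercase hex."""
    return hashlib.sha1(bytes.fromhex(fp_hex)).hexdigest().upper()


def annotate_torrc(text):
    """Insert a '# hashed fingerprint: ...' comment above each Bridge line
    that carries a fingerprint. All other lines pass through unchanged."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == "bridge":
            # Bridge [transport] addr:port [fingerprint] [key=value ...]
            fp = next((f for f in fields[1:] if FP_RE.match(f)), None)
            if fp:
                out.append("# hashed fingerprint: " + hashed_fingerprint(fp))
        out.append(line)
    return "\n".join(out)


# Constructed sample torrc; addresses, fingerprints and cert value are made up.
SAMPLE = """\
UseBridges 1
Bridge 192.0.2.10:443 0123456789ABCDEF0123456789ABCDEF01234567
Bridge obfs4 192.0.2.20:9001 89ABCDEF0123456789ABCDEF0123456789ABCDEF cert=CONSTRUCTED iat-mode=0
Bridge 192.0.2.30:443
# Bridge 192.0.2.40:443 FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
"""

if __name__ == "__main__":
    print(annotate_torrc(SAMPLE))
```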