Hi there, a the current state what can be logged by Tor could be called unsafe.
What I'm concerned about isn't the fact that one can tell Tor to log, it's the safety that's unbalanced. I never thought Tor logs should be appending as that could lead to privacy issues whenever a relay gets raised. One turns on logging and forgets about it. I never came up with it, but it's along the line. - Make logs overwrite each other by default (The node runs and starts logging, then stops running, when it starts again it overwrites the old logs) - Introduce an option to make logs appending (whenever this is reasonable) Tor tells: [Notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning Whenever logging is enabled Tor could tell: [Notice] Please log to an safe place. Don't log unless it's serves an important reason. Assign flags to nodes that log, maybe based on the level they do. - log_warn - log_error - log_info - log_debug The TorProject and users could notice if a node is logging in a suspicious way. Maybe you can go as far as giving (long term or critical) logging nodes less traffic. When equally good nodes exists they could be picked over the logging ones. I'm fully aware that one can log things without Tor, capture traffic and all that stuff. The operators have to be honest. Regards, bastik_tor _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
