On Fri, Jun 07, 2019 at 01:01:38PM +0000, iwanle...@cock.li wrote:
> Can Directory Authorities analyze hostnames of relay users and publish them?

They could, but I don't think that would be a good idea, at least until somebody has thought through how to do it in a safe way.

As a start for that thinking, I would point people to:
https://research.torproject.org/safetyboard/

But I think this would be a hard one to make properly safe.

> If the hostnames or organization names associated with the users are
> available, we could know what type of users are increasing, and probably we
> could guess why. In Iran and Russia, are the increases being made by
> individuals, companies, and/or governments? I want to know that.

In my experience, spot-checking these things in the distant past, the hostnames and IP addresses don't tell me as much as I'd like. Maybe if I were an expert in the network topology for these countries, I could understand things better.

As another approach, learning the autonomous system (AS) number of connecting users would be another way to measure diversity within the country. I expect in some situations it would give too much precision (too much granularity) for us to be comfortable publishing it though.

> https://metrics.torproject.org/reproducible-metrics.html#relay-users
> Directory Authorities (DAs) can see IP addresses of relay users and are
> reporting countries associated with the addresses for torproject.

Yep.

> So DAs may
> be under control of torproject.

No, the directory authorities are run by nine individuals who are part of the Tor community but are not 'under the control of torproject'. They make decisions on their own, and for most security choices a majority or threshold of them need to decide on something before it becomes so.

> Can torproject let DAs report hostnames of
> the users?

No. We can ask, but they should push back unless the request comes with a solid plan on how the measurements will be safe enough.

> Should rapid increases of the users be clear for Tor overall? I
> would like torproject to decide to do that!

Yeah, I would also like the world to figure out a way to do safer measurements like this. The Privcount approach seems like a useful building block here, because it does network-wide aggregation and because it uses differential privacy techniques to avoid publishing any counts that are too precise:
https://www.robgjansen.com/publications/privcount-ccs2016.pdf
https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/PrivCountInTor
and if we had more developer time (aka more funding), we'd be able to get there faster.

> But if torproject can let DAs report them, I won't be able to use Tor with
> security. Even now, can DAs collect our personal information including IP
> addresses and leak them in theory? :D

Careful there -- the Tor design doesn't try to prevent every person in the world from learning that you're using Tor. It tries to prevent every person in the world from being able to learn _what you do_ using Tor.

If you want to prevent the directory authorities from knowing your location, you'll need to take some further step. But most of these possible steps (use a bridge, use a pluggable transport, use a VPN) just shift the ability to count you to some other point in the network.

So there is no magic answer, and it comes down to "it depends what you're worried about more".

Hope that helps,
--Roger

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk