Karsten Loesing, 03.05.2012 13:32:
Hi Sebastian,
Hi Karsten,
Do similar names actually mean that bridges are located where the relay is? (Apparently you've got the data to see these correlations)
A fine question.
How do we define "similar"
That's the same problem an attacker would have. I truly understand the point. One can up with a naming scheme that's not in "the pattern", but where it's still easy to correlate the name. e.g. relay "Earth" and bridge "Moon", relay "Jupiter" bridge "Callisto".
and "located where the relay is?"
I guessed that would be defined already.
The safest way is to ensure that bridge and relay operators are aware of the fact that their naming scheme should avoid correlations, wherever both are actually located. The question here is on how to ensure it?!
So, while we have the data to see these correlations, I think that whatever similarity algorithm we come up with, somebody else might come up with something smarter. If we do the analysis you suggest and learn that it's safe to include nicknames, that doesn't say very much. Only because we have the data to confirm how well our attack would works doesn't automatically mean we're in a good position to design the attack.
If I remember correctly Bruce Schneier "once" said that it's easy to built/invent your own cipher which you are unable to break, but that you can't be sure that no one else can.
If you want to run this analysis with the 2008 tarball (assuming there won't be general objections within the next two weeks), I'm happy to take your list of likely bridge IP addresses and tell you how accurate your algorithm is.
I'll could flip a coin and it would be much more accurate than any algorithm I could come up with.
I'm not able to use any mathematical function on the data. And I have no "skill" to do that in a batch. I as an adversary would "crowdsource" the similarity since humans might have a better understanding what might belong together.
All I could do is look through the list manually and compare them with the list of relays. I don't think I'm going to do this as I don't believe that I'm going to find anything.
"We don't need it, so better remove it." I really like that.
I think we're really conservative with giving out bridge data, and that's good.
I agree.
At the same time there's a value in giving out information about bridges, so that "remove everything" is not a good answer. For example, I think if we give bridge operators better feedback how their bridge is doing, we'll suddenly have a lot more bridges. Making it easy for bridge operators to use Atlas would be a good step into that direction.
I agree again. At least for interested operators it's very nice to have.
The same applies to funders who realize from our statistics how successful the Tor Cloud project is and who then want to fund it more to make it more usable, support more cloud providers, etc.
When it's helpful.
And are we giving away anything else with the nicknames?
Maybe it's location ;)
As I read "hints on the location" for the first time; I though it would mean that "TowerBridge" or "BridgeofLondon" would be bad since it could hint to London.
Well, in that case you'd learn that there's a (Tor) bridge in London. But that wouldn't help you very much, would it?
That was my first misinterpretation of "hints on the location" as I read it "back then" (some time ago). I tried and failed to understand what one would get from knowing where are bridge would be located (geographically). I think it does not hurt.
Thanks for your input!
Probably it wasn't necessary at all. Don't think it was to useful either.
Best, Karsten
Same to you! Sebastian