On 9/3/13 5:59 AM, eliaz wrote:
> On 9/2/2013 11:59 AM, Steve Snyder wrote:
>> On 09/02/2013 10:02 AM, Kostas Jakeliunas wrote:
>>> [1]: http://globe.rndm.de/
>>
>> Having this tool on an unencrypted HTTP site doesn't seem safe to me.
>> Anybody can sniff the bridge IP addresses that users submit for reporting.
>
> It may be different if someone compiles the program locally, but AFAICT
> no secrets are being divulged from the globe web page. From the page
> the details of no bridge can be found without knowing the name of the
> bridge in the first place; and if someone knows that she also knows the
> other details. One doesn't have to go to the page to do a brute force
> attack.

Agreed, Globe doesn't divulge any secrets, mostly because Onionoo
doesn't contain any secrets. All bridge data that Onionoo has is
sanitized and doesn't contain sensitive information anymore.

> At the same time globe is useful in helping lower-level bridge operators
> such as myself get a better sense of what the information windows in the
> browser bundle are actually telling us.

I agree.

> If I'm wrong in any of the above, please do correct me.

No need to. Thanks for running a bridge!

Best,
Karsten