Bitcoin Forum
February 24, 2021, 09:27:41 PM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
   Home   Help Search Login Register More  
Pages: [1]
Author Topic: Suggestion: Stop logging Tor Exit IPs  (Read 193 times)
Copper Member
Hero Member
Offline Offline

Activity: 518
Merit: 2137

There is only one Bitcoin.

View Profile WWW
January 08, 2020, 03:37:02 AM
Merited by Lauda (1), taikuri13 (1)

Evidently, I can travel at the speed of light! tells me that within a quite short time span, that I have connected from:

Tallinn, Estonia
(Unspecified city), Germany
Lipova, Romania
Amsterdam, Netherlands
(Unspecified city), Austria
(Unspecified city), United States
(Unspecified city), France
(Unspecified city), Switzerland
Nafplion, Greece
Roost, Luxembourg
Sofia, Bulgaria
Brooklyn, United States
Aleksandriya, Ukraine
(Unspecified city), Germany
(Unspecified city), Austria
(Unspecified city), Ukraine
Amsterdam, Netherlands
Bergshamra, Sweden

Seriously, I suggest that by default (and without an option), the forum should automatically discard Tor IPs before the information even hits the “User IP logs”—or if needed, log access as “Tor Exit” without an IP address and city:

  • The logging of exit IPs does not serve the intended purpose of assisting disposition of account recovery requests.  Indeed, to the contrary:  When handling account recovery, I think you must filter Tor exits anyway.  Otherwise, if a user had ever connected through Tor, an account thief may get lucky and connect through an IP geolocated in a city which the user had apparently connected from.  The probability is not negligible:  There are over a thousand Tor exits located all over the world, mostly in densely-populated urban areas; and a Tor user can easily jump around through dozens of them in a matter of hours.
  • Although the logging of Tor exits seems to be not a big privacy concern, why keep around useless data that may be useful for unlikely attacks?  Is the risk to Tor users small?  Large?  Who cares?  The principle of “need-to-know” data minimization seems implicit throughout the forum’s “about privacy” page.  Keeping those IPs around just burdens to the forum and its administration with useless data that they don’t need, and probably therefore don’t want.
  • For Tor users, the forum is mostly served through Cloudflare’s onions* via Alt-Svc, with no client IP address.  I have instrumented my Tor daemon with connection-logging functionality that would probably scandalize Tor Project developers; thus, it has been easy for me to confirm that most of my hits on actually go to a group of v3 onions with names starting with “cflare”.  I only hit via an exit when Tor Browser’s knowledge of Alt-Svc is nonexistent or stale for whatever reason.  (Due to the way Alt-Svc works, a Tor user will always hit with an exit IP at least once at the start of a new browser session.)

It’s probably a relatively low priority for forum improvement; but if you anyway must exclude Tor exits when performing account recovery, the functionality is needed.  I suggest it’s better to do that at the source of data, and discard Tor IPs, rather than later, at the time of use.

(* Of course, Cloudflare can still see all traffic sent through its own onions.  At least their auto-onion feature takes a big load off Tor exit capacity, a perennial bottleneck due to the difficulty and risks of running an exit; and the metadata (time and IP) for connections via an onion cannot be seen by network spies who may watch traffic from Tor exits.  In fairness, I will give them significant credit for doing a bit to help user privacy against adversaries who are not Cloudflare.  In my book, is an offset against their terrifically larger debit for MITMing TLS for what seems like half the web nowadays.  —  I have observed, entities have an interest in protecting people from everybody but themselves.  The NSA wans to pwn your crypto, but doesn’t want the Chinese to pwn your crypto.  Google wants your connections to Google to be secure, so that only they will be able to buttfork your privacy.  Facebook wants you to securely connect to Facebook (even through an onion!), so that you can privately destroy your privacy on Facebook.  I think that Cloudflare is absolutely sincere in their desire to protect users against everybody except Cloudflare.  Well, generally, intelligence data loses its value if others have it...)

“Qui mori didicit, servire dedidicit.”
Hero Member
Offline Offline

Posts: 1614202061

View Profile Personal Message (Offline)

Reply with quote  #2

Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Sr. Member
Offline Offline

Activity: 1064
Merit: 409


View Profile
January 08, 2020, 06:06:04 AM

Your suggestions looks pretty much an effective way to curb the data storage related to IP logins to the forum. Theymos had already applied some IP retantion restriction features recently. Another intend of theymos behind it could be reducing the data storage space of the user's who don't want to save there IP locations.

I agree tor exits data recording is of probably no use to the forum and not storing them would benifits in a way.
Jet Cash
Offline Offline

Activity: 1890
Merit: 2080

View Profile WWW
January 08, 2020, 08:48:30 AM

I've got a couple of pages worth of IPs logged. All are from the UK, and most state that the city is unspecified. Where the city is specified, it is incorrect, and can be anywhere in England. Only one is correct, and that looks as if it was the result of my tethering through my mobile. I can't see any benefit to me or the forum from recording more than the last couple of IPs.

I'm using public WiFi rather than Tor.

Offgrid campers allow you to enjoy life and preserve your health and wealth.
Pages: [1]
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!