- From: Jacob Appelbaum <jacob@appelbaum.net>
- Date: Sat, 5 Dec 2015 15:02:24 +0000
- To: ietf-http-wg@w3.org
- Cc: Poul-Henning Kamp <phk@phk.freebsd.dk>, Mike Belshe <mike@belshe.com>, Amos Jeffries <squid3@treenet.co.nz>
On 12/5/15, Willy Tarreau <w@1wt.eu> wrote: > A bit off-topic, but since it was brought here... > > On Sat, Dec 05, 2015 at 03:51:11AM +0000, Jacob Appelbaum wrote: >> If I was a betting person, I'd bet they continue to work - except Tor >> Project, I expect that to be blocked if it isn't already. Here is our >> user graph for the entire year of 2015 for Kazakstan: >> https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&start=2015-01-01&end=2015-12-05&country=kz&events=off > > I always find it a bit funny that the infrastructure that provides you > with a supposedly safe network respecting your privacy openly collects > data based on your source address and phones home to feed statistics > that are presented to the public. By calling Tor "supposedly safe" and then stating various unsupportable things about the statistics, I think this email is likely a waste of effort. I hope I'm incorrect. None the less for others on the list, I'll say the following: The generalized statistics are documented here: http://freehaven.net/anonbib/#wecsr10measuring-tor A great deal of questions and general information is here: https://metrics.torproject.org/about.html The reason that this data is available openly is because we are trying to ensure everyone has access to whatever data we might be able to see. We want to make sure that we're not keeping anything secret beyond say, bridge IP addresses which need to be kept private to ensure that they're not blocked by censors. The relay operators are the only ones that see user IP addresses, not us. > When you look at small places such > as Niue, you see between 0 and 1 user basically, so the deployment is > probably so small that everyone there knows exactly who's the person > being using Tor and can monitor his/her internet usage in real time : > > > https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&start=2015-01-01&end=2015-12-05&country=nu&events=off > > It may be a kid supposed to work on his lessons and whose parents are > monitoring from their workplace using this graph, knowing when he's > wasting his time on the net instead of working. I think you should read our design for privacy preserving statistics - it is a rather off-list topic, so I won't bore the list. But claims of "real time" monitoring are just completely wrong. If you'd like to talk off list, I can point you at the same papers listed on the website. > This kid would have > remained unnoticed by *not* using Tor and maybe he doesn't understand > how his parents know he lies! The graph does not confirm that it is him. Your assertion is baseless. Also, I believe that the number one on that graph is actually somewhere between 0-7 as per the way that our statistics are performed. > That's always the problem when one > starts to get many users, it becomes hard to resist to the temptation > to collect data, it might be in human nature :-/ The data is collected by nodes in the network and those who want to help provide a very reasonable dataset that includes no PII other than a general bucket with a fuzzy mapping of IP->country. To call that collecting data on users is a bit of a strech when in fact, the relay does all of the work, converts it and then only sends data when it reaches a threshold that is considered safe. Relays can choose if they want to be part of the metrics project. All the best, Jacob
Received on Saturday, 5 December 2015 15:02:54 UTC