Aaron, I think Jaskaran explained it well - basically, we compute statistics other than requests per country, and one of those stats is unique clients, which we can use PCSA for. The `format_client_stats_heartbeat` function in `/src/or/geoip.c` is where we actually compute the unique clients and log that in the heartbeat message.
I think perhaps my proposal doesn't make clear that this PCSA change is in addition to other methods of getting IP's out of memory - I will try to update it to emphasize this. I also will do more research on the 'fuzzing' of country counts, and I will definitely contact Karsten Loesing. Thanks, ~Samir Menon On Sat, Apr 1, 2017 at 11:41 AM, Jaskaran Singh <jvsg1...@gmail.com> wrote: > Hi Aaron, > > These statistics not just tell about the user's country but also keep a > track of unique IP addresses connecting from each country. This is > needed so as to present more realistic stats. If we increment counter on > any IP address instead of unique IP address then the statistics would > also reflect user(s) connecting again and again. If we don't count > Unique IPs, we would have stats about per country usage rather than per > country users. We could do much better and implement a way(as described > by the OP of thread) that counts unique IPs at the same time preserves > privacy. > > And for your second point about hiding the actual counter from > adversary, I agree that this can potentially de-anonymize a client. > An adversary (let's say the government of some small, less populous > country) could try to fingerprint the traffic of it's target(s) and > later correlate it with the data we publish on the metrics site. This > attack could work very well for countries where the Tor users can be > counted on fingers. So, I believe hiding the counter data should also be > implemented along with hiding the IP addresses. > > Regards, > -- > Jaskaran Veer Singh (jvsg) > jvsg1303 at gmail dot com > PGP 2814 3FB7 A32D 429B 092E 27F0 8AA3 C532 9E1A 6AD8 > > _______________________________________________ > tor-dev mailing list > tor-dev@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
