write-history and read-history in extra-infos leaks the relay's used bandwith if the bandwidth limit is changed
If a user changes the bandwidth limit to a different value, the next update of the write/read-history (after a reload of the config) contains different values. By the difference of the values an attacker could infer how much bandwidth the user used by himself.
Lets assume the extra info reports 18432000 (B) for a 15 min period. After increasing the bandwidth limit and reloading the server, the next update reports 23404544 (B) for the same 15 min period. Thus, an attacker can infer how much bandwidth the user/relay used by its own in this period.
Trac:
Username: lancelot666