Removing or not sanitizing ContactInfo lines in bridge descriptors
There's an interesting question in the Tor StackExchange beta:
I'm guessing that a bridge uploads its ContactInfo to the bridge
authority, so there's a point of contact for the Tor project.
Is this information available to any other parties, i.e. users requesting
bridges, or people randomly connecting to IP addresses looking for Tor
installations?
In practice, users of a bridge will be able to learn the bridge's ContactInfo
line, because they download the bridge's descriptor.
But Tor people will have a hard time to do that, because this line is removed from bridge descriptors in the sanitizing process. One needs access to the non-sanitized descriptors, which limits the set of people to maybe five. I don't remember a single time in the past couple of years when we tried to contact bridge operators using provided contact information.
This is rather unexpected for bridge operators, I'd think. I guess most bridge operators would expect their contact information to be known to Tor project people and used for debugging only.
Three options:
- We conclude we don't need the contact line for bridges, because we wouldn't contact the bridge operator anyway. Bridges should remove that line from their descriptor before uploading.
- We decide this information is important and that we should have it available more easily. We don't remove the
ContactInfo
line when we sanitize bridge descriptors. - We don't change anything, because everything's fine as it is. At least now we know this information is theoretically available to a few Tor people and definitely available to bridge users.