authorJoey Hess <joeyh@joeyh.name>2016-09-27 13:13:05 -0400
committerJoey Hess <joeyh@joeyh.name>2016-09-27 13:13:05 -0400
commitf59cf47cb7f78bda459672c0cab485dad3ff40e0 (patch)
treec4ba8a9e70c93486bac0679362c44d648bb05a91
parent8fe65bd0f70c1cd2fc83469f401c987d69eb4370 (diff)
downloadkeysafe-f59cf47cb7f78bda459672c0cab485dad3ff40e0.tar.gz
Server: Round number of objects down to the nearest thousand, to avoid leaking too much data about when objects are uploaded to servers.
-rw-r--r--CHANGELOG2
-rw-r--r--HTTP/Server.hs9
2 files changed, 9 insertions, 2 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 1557009..bd3f179 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -14,6 +14,8 @@ keysafe (0.20160923) UNRELEASED; urgency=medium
* Server: --motd can be used to provide a Message Of The Day.
* Added --check-servers mode, which is useful both at the command line
to see what servers keysafe knows about, and as a cron job.
+ * Server: Round number of objects down to the nearest thousand, to avoid
+ leaking too much data about when objects are uploaded to servers.
-- Joey Hess <id@joeyh.name> Fri, 23 Sep 2016 10:40:55 -0400
diff --git a/HTTP/Server.hs b/HTTP/Server.hs
index f2ecfa8..886fe6f 100644
--- a/HTTP/Server.hs
+++ b/HTTP/Server.hs
@@ -96,8 +96,13 @@ validObjectsize o = any (sz ==) knownObjectSizes
sz = B.length (fromStorableObject o)
countObjects :: ServerState -> Maybe ProofOfWork -> Handler (POWGuarded CountResult)
-countObjects st pow = rateLimit (rateLimiter st) (logger st) pow NoPOWIdent $
- liftIO $ countShares $ storage st
+countObjects st pow = rateLimit (rateLimiter st) (logger st) pow NoPOWIdent $ do
+ v <- liftIO $ countShares $ storage st
+ case v of
+ CountResult n -> return $
+ -- Round down to avoid leaking too much detail.
+ CountResult ((n `div` 1000) * 1000)
+ CountFailure s -> return (CountFailure s)
-- | 1 is a dummy value; the server does not know the actual share numbers.
dummyShareNum :: ShareNum
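Review bot: The rounding in `countObjects` hard-codes `1000`, and its comment does not say what stays observable: a client that polls the count still sees the reported value step when the true total crosses a multiple of 1000, and a server holding fewer than 1000 objects always reports 0. I would name the bucket size, e.g. `countGranularity = 1000`, and extend the comment to `-- Round down to a multiple of countGranularity so single uploads cannot be timed from count changes; crossings of a multiple remain visible.` The `CountFailure s` branch hands the storage error text to the client unchanged, as the old pass-through of `countShares` also did; it is worth confirming that string carries no server-internal detail.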