[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
From: Anders Andersson <pipatron@xxxxxxxxx>
Date: Wed, 13 Aug 2014 23:01:32 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 13 Aug 2014 17:01:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=UNqu9eCLK+/UZkdoLb7/YR+eLhQysn7ydPJ9e7rNrYw=; b=bQ2IMySXEXjhTHx3BvmLW+LG5Doz3x347YrA+0PFlYPgMYWlu1lRSKAFKW/h7dYdWT 2kg5sZ98nTmy+KDaZr0MW4tqZvwzdAdVueNPFyyZz7+/UZywt5NqkJ2zWE4uvs660uXO FRmNEw0Vua7fjSPt++90pDpcBxcI1wBmMwjQhKm0OQTYyYl/zQ0UaBX5vM0A+3FCV9RF q3Y48aLl7a26KzTo+mJKYHkiyn5mWvS0KS3kqZOfAtIDWOyCVLUUW32zoj8N9SbWnBrN 9Idf+PDbHKzQk3uglXLzigYIktPZJHiVa+Yp2LVg/CFEgFJzJrxokN1YX4njXZdqdZCP IQug==
In-reply-to: <4dbf80e1a3ae8b182a15ea2af6fa10dc@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On Wed, Aug 13, 2014 at 12:06 PM,  <blobby@xxxxxxxxxxxxxxx> wrote:

> If it's possible for the owner of a hidden service (whether the FBI or a
> regular person) to install malware which grabs visitors' IPs, then what is
> stopping any hidden service owner from doing this?

Nothing is stopping a hidden service owner from doing anything that an
operator on the open net can do.


> Considering the number of individuals that must have visited the hidden
> service, this doesn't seem to be very many people. Why were so few
> identified? Were the 25 using outdated browsers (TBB)?
>
> How, in this case, was it possible for the FBI to learn the IP addresses of
> visitors to this hidden service? The Tor hidden server page states that "In
> general, the complete connection between client and hidden service consists
> of 6 relays: 3 of them were picked by the client with the third being the
> rendezvous point and the other 3 were picked by the hidden service."
>
> Can someone knowledgeable please explain how visitors to a Tor hidden
> service can have their real IPs detected?

AFAIK the malware used javascript to break the users' browsers. As
someone who argues against using javascript in any context, I can only
say "told you so", but that doesn't really help anyone. :)

Because they managed to get in to the client browser, they could learn
the real IP address and MAC address, they didn't learn this through
Tor.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Aymeric Vitte
- Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: Mirimir

References:
- [tor-talk] Wired Story on Uncovering Users of Hidden Services.
  - From: blobby

Prev by Author: Re: [tor-talk] Cause of drops in network congestion on 2013-10-09 and 2014-06-06
Next by Author: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Previous by thread: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Next by thread: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
Index(es):
- Author
- Thread