[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] privacy of hidden services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] privacy of hidden services
From: Ivan Markin <twim@xxxxxxxxxx>
Date: Wed, 21 Dec 2016 19:21:00 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 21 Dec 2016 14:22:46 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1482348149; bh=14rAO4btqMWN7ohOOnfhPwYOUltKViAa5v7AIw02Iks=; h=Subject:To:References:From:Date:In-Reply-To:From; b=q0fwgdaXy81NpQ85twnA9uoqDaVFgNGzBNfCdw+Zs3kr9aRFjIND6pso2yJavoRAP hBdv/i9qyAc3zV5iJWZnSuQCXklTMK+fYY4FnPTdvZ+2aLKmt8u+gYKSErVt08W/Lx dxAy0piuVvAEluPU3FFNRjzEyZdD347s+YGYdWYw=
In-reply-to: <CAB7TAMmvsNdzFtj6fUERo11hEipn22ELwueW0Y7GAbyYFP9C1Q@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAB7TAMmvsNdzFtj6fUERo11hEipn22ELwueW0Y7GAbyYFP9C1Q@mail.gmail.com>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Allen:
> I have a question about the privacy of hidden services.  Let's say I
> create a tor hidden service and privately send the onion address to
> only two other people.  Would anyone outside of myself and those two
> people be able to determine the onion address or monitor activity
> related to the hidden service such as HS descriptor uploads and
> downloads from directory servers, or connection attempts via
> introduction or rendezvous points? 

Yes, HSDirs can do this since they are in position of storing and
service HS descs. Some of them are actually trying to do this for
specific HSes by bruteforcing their fingerprints to get into right place
in the hash ring (this should become infeasible after shared randomness
deployment).
Also your Introduction Points are able to connect to your service and
probably figure out your .onion address (i.e. based on application data).


> Would it make a difference if the hidden service used basic or
> stealth authorization?

So yes, ideally encrypt your Introduction Points (basic) and obfuscate
identity keys (stealth) [this also encrypts sets of IPs]. Non-ideally,
use random slugs in URLs as OnionShare does (if you're doing web).

Many of these problems should be gone after prop224 got implemented.

--
Ivan Markin
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] privacy of hidden services
  - From: Allen

References:
- [tor-talk] privacy of hidden services
  - From: Allen

Prev by Author: Re: [tor-talk] Massive Bandwidth Onion Services
Next by Author: Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes
Previous by thread: Re: [tor-talk] privacy of hidden services
Next by thread: Re: [tor-talk] privacy of hidden services
Index(es):
- Author
- Thread