[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to identify owners of .onion services?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How to identify owners of .onion services?
From: Seth David Schoen <schoen@xxxxxxx>
Date: Tue, 1 Jul 2014 23:39:51 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 02 Jul 2014 02:41:47 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org; s=mail2; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date; bh=BhJbswov60bB4UogMwS9rjjNmVmS5XCMit74OIkcQ5U=; b=7oXk+DpZSIcQe41CED/LGwL+8FhHigNdNAL0FmU47KvDCv0YhqK0lEQei9N1ZJGvXWGe/zDHKhszUopfvD/46yj2wx5tSOB0nuMm2leD9Dz2WuX5awgvHthstVyCN4iqW8qtEzAkiFdSOhQV+McHW5vDbUO009BY/1XYm1hDkdo=;
In-reply-to: <f0ed32b8cebd1062c60b786d04a9ecf0@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <f0ed32b8cebd1062c60b786d04a9ecf0@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.21 (2010-09-15)

williamwinkle@xxxxxxxxxxxxxxx writes:

> How would it be possible for an adversary to learn that Person X
> rented a Tor hidden server from a hosting company that provided
> .onion domains and hosting (assuming that Person X paid for his/her
> hosting with Bitcoins and did not do anything stupid to tie his or
> her 'clear web' identity to his or her .onion identity)?

One avenue of attack would be the channel of communication that that
person uses to administer the server.  For example, they might use ssh
over Tor to log in to administer it.  A very powerful adversary, or an
adversary who was already watching a particular user and a particular
server or hosting facility, could try to associate these traffic flows.

Another avenue would be trying to deanonymize the payments.  Bitcoin has
some risks for users' anonymity, including observing the IP address
that relayed a transaction, and trying to trace the payment history of
particular coins backwards to learn where they previously came from.

There's been a fair amount of research interest in trying to find
the physical server that corresponds to a particular hidden service.
There are a lot of ideas for that; some of them involve generating
distinctive traffic to the hidden service and seeing if similar traffic
emerges somewhere on the Internet, or trying to attack or disrupt
different physical-world hosting facilities to see which attacks cause
disruption for the reachability of the hidden service.  (The adversary
can also operate Tor nodes and hope to be chosen as an entry node by
the hidden service.)  In the scenario you asked about, though, the
adversary might possibly already know where the hidden service's server
equipment is physically located and just be unsure where it was being
administrated from.

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] How to identify owners of .onion services?
  - From: williamwinkle

Prev by Author: Re: [tor-talk] messing with XKeyScore
Next by Author: Re: [tor-talk] (no subject)
Previous by thread: [tor-talk] How to identify owners of .onion services?
Next by thread: Re: [tor-talk] How to identify owners of .onion services?
Index(es):
- Author
- Thread