[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How easy are Tor hidden services to locate?




"That said, there are plenty of hidden services out there, and few stories of people breaking their anonymity by breaking Tor. So they're not foolproof for sure, but they're also not trivial to deanonymize. "

Could you elaborate on this? I have not found a story where "tor" was broken to find a site. I have found were the site itself was broken.. SQL injection, open ports, bad setups...etc.


On 03/06/2013 04:53 AM, Roger Dingledine wrote:
On Wed, Mar 06, 2013 at 01:12:47AM -0600, Anthony Papillion wrote:
I'm involved in a project that will ultimately run a website as a
hidden service.  Because of the content if the site (not child porn
or gambling) we're concerned about how easy a Tor connected server
is to find.
Hidden services are definitely weaker than regular Tor circuits, a)
because the adversary can induce them to speak, and b) because they stay
at the same place over time. Mostly 'a'.

That said, there are plenty of hidden services out there, and few
stories of people breaking their anonymity by breaking Tor. So they're
not foolproof for sure, but they're also not trivial to deanonymize.

I'll turn it around, and ask "easy compared to what?"

Also, are there best practices to securely hosting a
server on Tor?
I wrote some suggestions on the second-to-last bullet point of
https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police
A lot of it depends on your expected adversary, and on how much you care.

--Roger

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk