[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

On Wed, Aug 13, 2014 at 12:06 PM,  <blobby@xxxxxxxxxxxxxxx> wrote:

> If it's possible for the owner of a hidden service (whether the FBI or a
> regular person) to install malware which grabs visitors' IPs, then what is
> stopping any hidden service owner from doing this?

Nothing is stopping a hidden service owner from doing anything that an
operator on the open net can do.

> Considering the number of individuals that must have visited the hidden
> service, this doesn't seem to be very many people. Why were so few
> identified? Were the 25 using outdated browsers (TBB)?
> How, in this case, was it possible for the FBI to learn the IP addresses of
> visitors to this hidden service? The Tor hidden server page states that "In
> general, the complete connection between client and hidden service consists
> of 6 relays: 3 of them were picked by the client with the third being the
> rendezvous point and the other 3 were picked by the hidden service."
> Can someone knowledgeable please explain how visitors to a Tor hidden
> service can have their real IPs detected?

AFAIK the malware used javascript to break the users' browsers. As
someone who argues against using javascript in any context, I can only
say "told you so", but that doesn't really help anyone. :)

Because they managed to get in to the client browser, they could learn
the real IP address and MAC address, they didn't learn this through
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to