[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Hello I have a few question about tor network

Oskar Wendel writes:

> Does it apply also to traffic going from/to hidden services? How safe are 
> users of hidden services when compared to users that browse clearnet with 
> Tor?

The hidden service users can be identified as users of the individual
services using the same sybil approach: if a user uses a particular
guard node and the hidden service uses a guard node controlled (or
observed) by the same entity, that entity can correlate the traffic
between the two.  I don't know how easy it is to infer right at that
moment that the communication is between a user and a hidden service
rather than between two users intermediated by something else.  However,
the attacker can potentially realize that it's a guard node for some
hidden service because a particular user connects to the guard node
all the time, has a high traffic volume, and for some hidden services,
uploads more than it downloads on average (which is the reverse of the
usual pattern for a Tor Browser user).  (That inference might be even
easier if the hidden service's guard node just notices whether that user
tends to upload a little data followed by downloading a lot of data,
or download a little data followed by uploading a lot of data, since
web browsers usually do the former and web servers usually do the latter.)

The guard node has a conceptually harder task in figuring out _which_
hidden service it's a guard node for.  There has been a lot of research
that touches on this issue and it's clearly not as easy for hidden
services to conceal their identities from their guard nodes as it
should be, especially if the guard nodes actively experiment on the
hidden service.  One example that shows why this is a difficult problem
is that if you control a guard node and you know about the existence of a
particular hidden service, you can connect to the hidden service yourself
and see if that results in any traffic coming out of your guard node.
You can also deliberately shut down clearnet traffic to and from your
guard node for a few seconds at a time at randomly-chosen moments and
see if that results in outages of availability for the hidden services
at the same moments.

I think some of these ideas are developed in published papers and I'm
sorry for not thinking of which papers at the moment.  You can see that
this can make the situation of the hidden service somewhat precarious.

See also


There might be some more hope in the future from high-latency services
(based on examples like Pond), or, based on what some crypto folks have
been telling me, from software obfuscation (!!).

Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to