On 21 Dec (19:37:13), Aeris wrote:
> > Would anyone outside of myself and those two
> > people be able to determine the onion address
>
> Yes. Your onion address is published on a DHT, hosted across all nodes with
> the HSDir flag. Some badly behaving relays try to enumerate all onion addresses
> by massive HSDir node creation to fetch a different part of the DHT each time.

Quick note that our next version of onion service (v3) will mitigate this harvesting, as the HSDir and Introduction Point won't be able to learn the onion address. But yes, currently this is a weakness in the protocol.

>
> > or monitor activity related to the hidden service such as HS descriptor
> > uploads and downloads from directory servers, or connection attempts via
> > introduction or rendezvous points?
>
> Yes too. HSDir nodes and rendez-vous points can monitor HS usage, because
> HSDir/RdVPoint usage for a single HS is correlated to this HS usage.

Wait. Rendezvous Points (RPs) do *NOT* know the onion service identity unless you do some sort of circuit fingerprinting or HSDir correlation attack. But, assuming no such attack is done, RPs don't have the information. An RP can only track how much traffic is going through an onion service circuit without knowing which service it is.

But the Introduction Point (IP) does! So it can monitor how many connections are made to the service using the IP and identify the .onion. Although it won't get them all, as a normal descriptor has 3 different IPs, it can extrapolate easily.

>
> > Would it make a difference if the hidden service used basic or stealth
> > authorization?
>
> AFAIK, no. Auth for a HS is only to forbid unallowed clients to connect to it,
> but doesn't change the way HSDir and RdVPoint are handled.

Correct, except it is not the RdVPoint but the Introduction Point that will be different for stealth authorization, as it is a descriptor per client authorization.

Cheers!
David

>
> Regards,
> --
> Aeris
> Individual crypto-terrorist group self-radicalized on the digital Internet
> https://imirhil.fr/
>
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk