[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Hidden Services Hosting and DMCA

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Hidden Services Hosting and DMCA
From: Mike Perry <mikeperry@xxxxxxxxxx>
Date: Sat, 12 Jun 2010 13:28:03 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 12 Jun 2010 16:28:10 -0400
In-reply-to: <4C136C63.2010306@xxxxxxxxxxxxxx>
References: <4C136648.7020103@xxxxxxxxxxxxxx> <40C63AFC-B979-405E-90B5-87ED284C6701@xxxxxxxxxxxx> <4C136C63.2010306@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2.2i

Thus spake Moritz Bartl (tor@xxxxxxxxxxxxxx):

> On 12.06.2010 13:13, Marco Bonetti wrote:
> > On 12/giu/2010, at 12.49, Moritz Bartl <tor@xxxxxxxxxxxxxx> wrote:
> >> The barrier to create hidden services is quite high.
> > I'm not too sure about this: you can run hidden services on tor clients
> > which do not relay any traffic for the network.
> > Starting a service is not that difficult: an home flat Internet
> > connection and a low power computer are ideal for a small personal
> > hidden service.
> 
> That machine should be up 24/7, and you still need to maintain (ie.
> update) it.

Actually, the uptime problem is a rather good reason not to
consolidate hidden services with your exit node. An anonymous user on
the I2P network used to run a public intersection attack on I2P router
uptime vs eepsite (hidden service) uptime. It was rather easy to
correlate which I2P nodes were running which services with this data.

Of course, running hidden services in a separate VM might not have the
correlation that using the same Tor process will, but host OS
downtimes will still be correlated. If it is known that you are a
large provider of hidden services, it becomes useful for an adversary
to closely monitor your host OS for downtime to correlate to downtime
of hidden services.

As a related point, you need to be very careful about your opsec when
providing services like this. While US law protects you from
incriminating yourself by revealing your own encryption keys
(probably), it does not protect you from divulging encryption keys of
your users if you have them, nor does it protect you from court orders
requiring you to install monitoring software into your user's systems
to see what they are doing.

Add in the correlation properties for hidden services or other data
that may be available due to knowledge of your hosting setup (think
apache+php versions, etc), and there may be a sufficient level of
cause for such court orders to be binding.

Of course, you can try to simply ignore these orders due to the fact
that you're German and they're not likely to extradite you over them,
but you'll probably lose your server, and you might have trouble
entering the US at a later date then.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpLDvdg3gyUw.pgp
Description: PGP signature

Follow-Ups:
- Re: Hidden Services Hosting and DMCA
  - From: Moritz Bartl

References:
- Hidden Services Hosting and DMCA
  - From: Moritz Bartl
- Re: Hidden Services Hosting and DMCA
  - From: Marco Bonetti
- Re: Hidden Services Hosting and DMCA
  - From: Moritz Bartl

Prev by Author: Re: [OT]FW: Invitation to connect on LinkedIn
Next by Author: Re: Downloading attachments with Tor - is this secure?
Previous by thread: Re: Hidden Services Hosting and DMCA
Next by thread: Re: Hidden Services Hosting and DMCA
Index(es):
- Author
- Thread