[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Example hidden service issue

* on the Sat, Mar 31, 2007 at 11:38:47AM -0500, Drake Wilson wrote:

> By my understanding, here's the chain of reasoning and action:
>   1. Someone sets up a foobarbazqux.onion hidden service with the example
>      given.  They type in http://foobarbazqux.onion/ to see whether it works.
>   2. Browser forwards a request through Tor's SOCKS proxy.  The hostname
>      of this request, as far as I know, never gets altered; just that
>      onion names won't resolve outside the SOCKS proxy.  Moreover, Tor doesn't
>      interpret the HTTP stream at all.  I don't think Privoxy changes the
>      former either.
>   3. Tor at the other end receives the stream of bytes for the hidden service,
>      and passes it onto www.google.com:80.
>   4. The original request still contains a Host: header for the onion service,
>      since the browser doesn't know what .onion is; it just forwards the hostname
>      onto SOCKS.  The Host header can't have been changed to www.google.com in the
>      middle, because the only link aware that it's talking to www.google.com is the
>      Tor node running the hidden service, and Tor isn't interpreting the HTTP request.
>   5. The outgoing connection from the hidden service forwarding is most likely
>      not location-anonymized, through Tor or otherwise.
>   6. Therefore, Google now has an HTTP request from the public IP address of the
>      node running the hidden service, with a Host header corresponding to the hidden
>      service.  Therefore, Google now has a reasonable suspicion of where that service
>      is located.

That's exactly the way I should have described the issue in my original
post. I didn't think I'd need to spell it out in so much detail. :)

If you assume that everyone that has set up a hidden service has done
the google test as described in the documentation and hasn't then
changed the onion address afterwards. Also assume that google logs the
Host header, eg using apache common+host format and that they archive
the logs. This gives google the ability to grep for an onion address and
get the real ip of the hidden service if they're ever "asked" for it.