[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")

To: tor-talk@xxxxxxxxxxxxxxxxxxxx, micahflee@xxxxxxxxxx
Subject: [tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")
From: Tom Ritter <tom@xxxxxxxxx>
Date: Mon, 27 May 2013 20:41:38 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 27 May 2013 20:42:13 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:from:date:message-id:subject:to:content-type; bh=kFECX2S/WN9SSL79aBuyq2qKVySyIBMirTFm5rQ3LwQ=; b=uLGVF2L2nl7n0ezsryzLnRtEL6iNAhQk7YGkdDVkzHVOyuXdiwBIUXGBFAzmNhNuaC qojbH2ONCMz5BdhlSRZDmFdK2vtaA3mTBSgPcvVz2WFVme+DmwJujJLjmoLGHqv02Fu/ Bw40EnRAOz9HV9WTQ4oBPayco6IFd6V4ISCXc=
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 27 May 2013 14:39, Micah Lee <micahflee@xxxxxxxxxx> wrote:

> Would it be fair to say that using the techniques published in this
> paper an attacker can deanonymize a hidden service?
>
> ...but for the time being
> the anonymity of the document upload server isn't one of them.

Switching to tor-talk.

Is that important for Strongbox?  I don't think Strongbox's threat model
needs the document upload server to *be* anonymous.  Strongbox is run by
the New Yorker.  If you want to find their upload server, just look at all
the IP ranges the New Yorker leases.  Or subpoena them, or serve them with
a warrant.

If you were talking about Wikileaks, I might agree - it might be important
for them for their servers to be anonymous.  But then again, it apparently
*wasn't* because IIRC they never ran a document upload service soley on a
HS.  (They may have run one, but everything was also available on the
general 'net, again, IIRC).

I think for all (or most?) of the document leaking services we've seen so
far, the anonymity of the server isn't terribly important, it's the
security & anonymity of the sender that must be preserved at all costs.  In
that regard, HS are still good, because as you said "sources are forced to
use Tor, [with] end-to-end crypto without relying on CAs".

-tom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")
  - From: Low-Key²
- Re: [tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")
  - From: Micah Lee

Prev by Author: Re: [tor-talk] Tragedy of the commons.
Next by Author: Re: [tor-talk] What are some good VPS providers for Tor?
Previous by thread: Re: [tor-talk] Orbot and Orweb (take two)
Next by thread: Re: [tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")
Index(es):
- Author
- Thread