[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")

On 05/27/2013 05:41 PM, Tom Ritter wrote:
> Is that important for Strongbox?  I don't think Strongbox's threat model
> needs the document upload server to *be* anonymous.  Strongbox is run by
> the New Yorker.  If you want to find their upload server, just look at
> all the IP ranges the New Yorker leases.  Or subpoena them, or serve
> them with a warrant.
> If you were talking about Wikileaks, I might agree - it might be
> important for them for their servers to be anonymous.  But then again,
> it apparently *wasn't* because IIRC they never ran a document upload
> service soley on a HS.  (They may have run one, but everything was also
> available on the general 'net, again, IIRC).  
> I think for all (or most?) of the document leaking services we've seen
> so far, the anonymity of the server isn't terribly important, it's the
> security & anonymity of the sender that must be preserved at all costs.
>  In that regard, HS are still good, because as you said "sources are
> forced to use Tor, [with] end-to-end crypto without relying on CAs".

There are a couple of other reasons why even an org like the New Yorker
might want their document upload server to be anonymous.

If an attacker knows the IP of the upload server (and can make web
requests directly to the IP, as opposed to the .onion) they can DDoS
them without bringing down the Tor network.

Also, if a government knows the IP of the upload server and it's in
their jurisdiction, they could potentially raid the data center and
seize the server.

I agree, most of the time leak sites don't need as much anonymity from
hidden services.

Micah Lee

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list