
Re: [tor-talk] Content and popularity analysis of Tor hidden services

From Lunar:
> Eugen Leitl:
>> http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
>> Content and popularity analysis of Tor hidden services
> Watch out for dead horses [1] and see the previous discussion [2].
> [1] https://en.wikipedia.org/wiki/Flogging_a_dead_horse
> [2] https://lists.torproject.org/pipermail/tor-dev/2013-May/004909.html

Whether or not all issues were discussed in detail or the same detail in the
prior thread as well as in the paper, I don't know, but the paper has
relevance beyond Tor network flaws:

- It exposes an estimate on how many hidden services existed at the time of
the study
- It gives a breakdown of what services/some of the services those hidden
services offered.
- It categorizes HTTP(S) services by content type, which is interesting.

- It describes what resources they required to perform the attack, which
sound relatively modest.

- It highlights the botnet and botnet command and control activity on Tor.

- It describes server configuration issues that allowed easily correlating
the shared hosting of many services
- It describes server configuration issues that allowed easily deanonymizing
the true IP Address of some hidden services.

The last two points are important reminders of some of the pitfalls in
attempting anonymization, and might be good to be documented in the wiki (if
they're not) for setting up hidden services.

The prior points are of social and historic value.
The present situation with massively escalating numbers of Tor users/"users"
highlights the threat that botnets might pose to the Tor network's ability
to function.  A botnet worm of course could also be used to create a
large-scale anonymity attack requiring many nodes.

Today's RC just announced does some traffic prioritization which should be a
bandaid for the current problem, but doesn't really address similar issues
in the long term.  I don't know what solutions to propose, as obviously the
fundamental rule is that this is an anonymous system, and we probably want
to respect net neutrality to the point practical, but more
thought/research/development may have to be done to guard against botnets
threatening the functionality of the Tor network or botnets' potential to
attack the network's anonymity features.
