[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Content and popularity analysis of Tor hidden services

From grarpamp:
> On 9/5/13, Asa Rossoff <asa@xxxxxxxxxxxxx> wrote:
>> - It exposes an estimate on how many hidden services existed at the time
>> of the study
>> - It gives a breakdown of what services/some of the services those hidden
>> services offered.
>> - It categories HTTP(S) services by content type, which is interesting.
>> - It describes server configuration issues that allowed easily
>> the shared hosting of many services
>> - It describes server configuration issues that allowed easily
>> deanonymizing the true IP Address of some hidden services.
> Forgoing the nonpublished services largely used only by their creators,
> all the above regarding the publicly known services have been going
> on in the wikis and other onionland metaprojects for many years.

Hello grarpamp,
Thanks for the perspective.

I'm not a Tor expert yet.  I have been way off on the sidelines until
recently, not taking close, consistent interest until this year.  I haven't
read most of the research that's been done, and I may not recall all that I
have read!

You may be right in everything you say, but you technically omit the
category "nonpublished services used NOT only largely by their creators but
perhaps by groups that are not so public."  The wikis and indexes both on
onion and the open web contain only a very small number of services in
comparison to the sample this study collected primarily in only a two hour
period (if I recall correctly).

The server configuration issues I'm sure are well known to experts (in this
case the primary issue highlighted was shared or public-internet SSL
certificates; extremely easy to take advantage of and be quite certain of
the results immediately), but I don't know if statistics on them over Tor
were available, especially for a broad range of hidden services, not just
well-known ones.  Even when the services are set up for an individual's own
use, the issue may be relevant.

And having multiple studies that shine a light on real data on these things
not only may clarify issues better, but since past studies presumably were
performed in different ways, also act as a reminders of ongoing issues (and
need for education).  Also if the past data is comparable, it gives a
progress report.

As Tor gets better at anonymizing connections, gathering statistics like
this will become more difficult, so anything we can learn now may help guide
future decisions.

>> The prior points are of social and historic value.

** I'm off to UN Int'l Day of Charity panel webstream in a few mins,
1500-1800 EDT, 2100-0000 CEST, etc. :) http://webtv.un.org (stream)
http://www.un.org/en/events/charityday/events.shtml (panelists/info) **

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to