[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"



On 05/23/2013 07:18 PM, Tom Ritter wrote:
> RPW's, et al's paper was made public today, and demonstrates several
> practical attacks on Hidden Services.
> http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
> 
> I was wondering if there were any private trac tickets, discussions,
> or development plans about this that might be also be made public.
> 
> -tom

Hi, I'm writing a blog post about these new attacks and how they affect
document leak services such as Strongbox
(http://www.newyorker.com/strongbox/) that rely on hidden services.

Would it be fair to say that using the techniques published in this
paper an attacker can deanonymize a hidden service?

Based on this thread it looks like there are several open bugs that need
to be fixed to prevent these attacks. It seems to be that hidden
services still have advantages to leak sites (sources are forced to use
Tor, end-to-end crypto without relying on CAs), but for the time being
the anonymity of the document upload server isn't one of them. Is this
accurate, and is there any estimate on how long do you think this will
be the case? Months, years?

-- 
Micah Lee
@micahflee

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev