[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] onion routing MITM
> What prevents a person from registering a new .onion site, such as
> http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to
> http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that
> *they* are actually the duckduckgo .onion site?
Nothing.
> When you see a link like http://3g2upl4pq6kufc4m.onion somewhere on the
web
> (such as thehiddenwiki.org) why would you believe it's the real URL that
> duckduckgo created, and not somebody doing a MITM?
Well, I'd query duckduckgo for its hidden service URL in the clearnet
first. If you just search "duckduckgo hidden service" on their clearnet
site, there's a magic/onebox answer with a link to the official onion site.
;-)
The larger point is valid though. I feel like this is actually a huge
problem with the current state of hidden services. Try figuring out which
.onion site is the "real" Hidden Wiki for example.
I'll admit I barely use hidden services for this very reason.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk