On 2012-10-03, Ted Smith wrote:
So it actually assumes that the targeted hidden service is running a Tor relay _and_ an open HTTP server.
The basic attack pattern is extensible to a relay and any service which can be correlated with each other, through any sufficiently selective metadata divulged by both services. It ain't a new one, either; I seem to remember this sort of stuff being done from at least 2008, which prolly makes the idea older since I'm not exactly a pro in the field. The general statistical attack pattern is correlate, accumulate and intersect. The research behind Tor talks about this stuff already, and notes it cannot be stopped if we presume the relay operator leaks such correlated information. So yes, you ought to be worried -- as the operator of a hidden service. -- Sampo Syreeni, aka decoy - decoy@iki.fi, http://decoy.iki.fi/front +358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2