--On Monday, October 07, 2013 11:25 AM +0200 Eugen Leitl
On Mon, Oct 07, 2013 at 06:01:00AM -0300, Juan Garofalo wrote:
But that doesn't explain how freedom hosting itself was found in the first place, does it?
Let's say you run a piece of buggy PHP code as a hidden service, on a mass hoster allowing easy signups and installation of own code, with no hard separation of service hosted, and possibly not even firewall the VM traffic, forcing it through Tor.
That is possible, but is there evidence of that actually happening, in the case of freedom hosting? Hadn't fh been running for a couple of years, like silk road? (or more?) - If fh's security was so lousy the so called authorities should have got him (way) sooner?
While it's possible they knew the physical host already, there are certainly far easier ways to nail your ass, given the above.
Yes, I realize that pwning the server through a PHP exploit or the like is far easier - The main reason I see that explanation as not fully satisfactory is that the attack (if it was possible) was not tried sooner.
It would be interesting to post a hidden service with actionable content as a honeypot with everything done right, to see what the parallel construct story would emerge.
Indeed.
No, I'm not volunteering.
hehe =)