On Friday, 7 March 2014 20:10:53 Steve Furlong wrote:
On Fri, Mar 7, 2014 at 7:39 PM, Rich Jones <rich@openwatch.net> wrote:
Given enough time, your hidden service can be deanonymized
As I stated in a previous thread, I think the key is likely to be a) redundancy and b) constant movement.
c) Don't get too big, too complicated, or too fancy. Keep your pages or your apps or your web services tightly focused, and not integrated with anything that can be stripped out. If you have multiple services, separate them logically if not physically, and do not provide the convenience feature of automatically logging a user into a second if they log into a first. Don't bring in outside JavaScript or stylesheets or images that you can avoid.
With just a few corner cases (but hey, who embeds YT videos on their site, srsly) ALL external JS/CSS/images/fonts/etc can be avoided. And should be avoided. You need to use a particular library or image resource? Keep these on your server and serve them from there. Can't legally do that? Find other media or libraries instead. Want to use Google Analytics? Why don't you have a seat over there. Over there.
This is not specific to hidden TOR services, or to the blacknet, or to selling drugs by mail.
Indeed.
--
Regards,
rysiek
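One way to check a page for the third-party loads discussed in this thread, as an added example that is not part of the original messages: a Python audit that lists every script, stylesheet, image or CSS reference fetched from a host other than the site's own. The class and function names, the sample page and the `*.example` hosts are constructed for illustration, and the tag list covers common cases only.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Common tag -> attribute fetched on page load (<a href> is fetched only on click).
FETCH_ATTRS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
               "source": "src", "link": "href", "object": "data"}
CSS_REF = re.compile(r"""url\(\s*['"]?([^'")\s]+)|@import\s+['"]([^'"]+)""", re.I)

class ExternalResourceAudit(HTMLParser):
    """Collect (where, url) for tag and <style> references to another host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.own_host = page_url, urlsplit(page_url).hostname
        self.external, self.in_style = [], False

    def check(self, where, ref):
        url = urljoin(self.page_url, ref.strip())  # also resolves //host/path
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and parts.hostname != self.own_host:
            self.external.append((where, url))

    def handle_starttag(self, tag, attrs):
        self.in_style = tag == "style"
        ref = dict(attrs).get(FETCH_ATTRS.get(tag, ""))
        if ref:
            self.check(tag, ref)

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):
        for m in CSS_REF.finditer(data if self.in_style else ""):
            self.check("style", m.group(1) or m.group(2))

def audit(html, page_url):
    parser = ExternalResourceAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.external

# Constructed sample page, as if served from the constructed host site.example.
SAMPLE = """<script src="/js/app.js"></script>
<script src="//cdn.example.net/lib.min.js"></script>
<style>@import url("https://fonts.example.org/css?family=X");</style>
<img src="https://tracker.example.com/pixel.gif">
<a href="https://elsewhere.example/">plain link</a>"""

if __name__ == "__main__":
    print(*audit(SAMPLE, "http://site.example/index.html"), sep="\n")
```

Run against each rendered page of a site, an empty result means nothing in the markup or its `<style>` blocks pulls from another host; resources requested by scripts at run time are outside what this static check sees.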