On Wed, 11 Nov 2015 20:54:21 -0700 Mirimir <mirimir@riseup.net> wrote:
Anyway, CMU's attack did manage to compromise some onion services, most notably SR2.[0] And I'm not impressed with the Tor Project's performance.
Well, you are not alone. "Recently research had come that shed some light on vulnerabilities in Tor Hidden Services protocol which could help to deanonymize server locations. Most of the new and previously known methods do require substantial resources to be executed, but the new research shows that the amount of resources could be much lower than expected, and in our case we do believe we have interested parties who possess such resources. We have a solution in the works which will require big changes into our software stack which we believe will mitigate such problems, but unfortunately it will take time to implement. Additionally, we have recently been discovering suspicious activity around our servers which led us to believe that some of the attacks described in the research could be going on and we decided to move servers once again, however this is only a temporary solution. At this point, while we don't have a solution ready it would be unsafe to keep our users using the service, since they would be in jeopardy. Thus, and to our great sadness we have to take the market offline for a while, until we can develop a better solution. This is the best course of action for everyone involved. In the mean time we shall do our best to clear all outstanding orders and we ask all of you users who have money on their accounts, withdraw them as soon as possible, because we don't want to be responsible for it during the time when the market will be offline. During this time, there might be some delays in payouts, since many people are expected to withdraw money at the same time, but we intend to resolve any such issues in the end. But we advice you to use only destination bitcoin addresses that do not expire when you send money out from Agora, as the payments to them might get delayed. While the market is offline, do not send any bitcoin to any of your deposit addresses on Agora. We do not gurantee the safety of any funds sent there. Vendors, we strongly advice you to abort any orders that haven't been sent out or processed yet, as we cannot gurantee what will happen with the orders in resolution. We shall try to resolve it on a case-by-case basis, but there might not be time to wait for orders that require long shipping times. We are going to handle the situation with the vendor bonds soon, we need some time to make sure that noone uses this as an opportunity to start scamming wildly. All of the market data will be kept intact and be available upon return, including all of the user history and profile data. Since our PGP key is nearing expiration date, here is a new PGP key which could be used to check authenticity of our messages in the future. ------------- https://www.reddit.com/r/AgMarketplace/comments/3idznd/agora_to_pause_operat...