----- Forwarded message from Asa Rossoff <asa@lovetour.info> ----- Date: Thu, 5 Sep 2013 04:36:14 -0700 From: Asa Rossoff <asa@lovetour.info> To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Content and popularity analysis of Tor hidden services X-Mailer: Microsoft Office Outlook 12.0 Reply-To: tor-talk@lists.torproject.org
From Lunar: Eugen Leitl:
http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
Content and popularity analysis of Tor hidden services
Watch out for dead horses [1] and see the previous discussion [2].
[1] https://en.wikipedia.org/wiki/Flogging_a_dead_horse [2] https://lists.torproject.org/pipermail/tor-dev/2013-May/004909.html
Whether or not all issues were discussed in detail or the same detail in the prior thread as well as in the paper, I don't know, but the paper has relevance beyond Tor network flaws: - It exposes an estimate on how manny hidden services existed at the time of the study - It gives a breakdown of what services/some of the services those hidden services offered. - It categories HTTP(S) services by content type, which is interesting. - It describes what resources they required to perform the attack, which sound relatively modest. - It highlights the botnet and botnet command and control activity on Tor. - It describes server configuration issues that allowed easily correlating the shared hosting of many services - It describes server configuration issues that allowed easily deanonymizing the true IP Address of some hidden services. The last two points are importasnt reminders of some of the pitfalls in attempting anonymization, and might be good to be documented in the wiki (if they're not) for setting up hidden services. The prior points are of social and historic value. The present situation with massively escalating numbers of Tor users/"users" highlights the threat that botnets might pose to the Tor network's ability to function. A botnet worm of course could also be used to create a largescale anonymity attack requiring many nodes. Today's RC just announced does some traffic prioritization which should be a bandaid for the current problem, but doesn't really address similar issues in the longterm. I don't know what solutions to propose, as obviously the fundamental rule is that this is an anonymous system, and we probably want to respect net neutrality to the point practical, but more thought/research/development may have to be done to guard against botnets threatening the functionality of the Tor network or botnets' potential to attack the network's anonymity features. Asa -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5