Darknets/science vs. GPA/LEA/Law, and playing dirty pool
On Fri, Nov 7, 2014 at 9:29 AM, Öyvind Saether <oyvinds@everdot.org> wrote:
"The BBC understands that the raid represented both a technological breakthrough - with police using new techniques to track down the physical location of dark net servers"
They do have the capability to locate Tor hidden services at this point.
To those who want to pretend otherwise: The first step to fixing a problem is to admit that it exists. There is no point in pretending these .onion sites are secure anymore. The only interesting question now is: How can this be fixed?
They could simply look for high amounts of Tor traffic and pull the plug on IPs whose traffic patterns look like they may be a hidden service and see if anything goes down.
This is a critical weakness of any anonymous system if... the way things are looking worldwide, GPAs seem to be the real deal and they seem to have no problem handing off to the LE side, and laws be damned... well, the old ways are over, it's the Wild West.

Filling all the network links with chaff could be a way to protect users (maybe they were just loading the homepage over and over), but they could still bounce all the IPs to look for servers. There may be an opportunity for the operators of anonymous services to band together and monitor themselves or each other for bounces, simply to confirm if bounce tests are in fact happening against all such service participants, high data/connection rate ones, services based on age of identity key, or any other such class they are able to identify. And they'd have to distinguish true bounces from network reachability anomalies. This is hard to defend against. Store-and-forward... maybe. Decentralized p2p/blockchain... more likely, at least for market-like things that could be modeled as transaction-listing-like things.

Another way to test is for someone to use perfect opsec (wifi, tor, bitcoin, etc), and actually run a number of illegal sites and see what happens. Then consider some sites may be allowed to live even if actionable, or simply won't be taken down if there are no real world links to act on.

Tor had one recent whitepaper that claimed to have actually located hidden services (real or test) within a minor budget and timeframe by abusing nothing other than the Tor network itself. Right? Has anyone replicated that work?

People need to be analysing these court documents very carefully to see what bits of knowledge can be drawn from them. That's a project in itself, and the EFF/Tor wiki would be a good home to begin cataloging them all and making notes of such things in each case. It's pretty obvious something is going on besides opsec, especially with the quotes in the news. Question is, what is it?
Tests need to be done, knowledge needs to be found, capabilities need to be catalogued, and defenses need to be developed. Step by step, scientific method. While you're at it, play some dirty pool in return: set up a bounty for leakers. Cash, sex, drugs, whatever. Not everyone is motivated by the same things Ellsberg/Snowden et al are.
Regardless of how it is actually done: It seems perfectly clear that they are able to identify the servers hosting hidden services. Those who pretend otherwise at this point are either cointelpro/military/law enforcement or morons.
On Fri, Nov 7, 2014 at 10:17 AM, Derric Atzrott <datzrott@alizeepathology.com> wrote:
warrant request for Benthall and didn't see anything in that besides Benthall being stupid and the police being clever.
Reread it. "First" they found the server, then their man, then trolled up a bunch of stuff that happened before and after the server find to make and support charges on. Look at the dates the evidence was dug up, not the dates in the evidence itself.
We'll have to wait for the charging documents to come out for those that just got arrested to see how police allege to have found their hidden services. While parallel construction is certainly a possibility, and
Without an understanding of how hidden services may be broken, there is not much that can be done to fix the issue.
I'm going to guess it's not via public papers on locating hidden services, otherwise they'd just reference that, disclose their operations and evidence therein, and call it case closed. [Trawling TorHS, Sniper]
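The "bounce test" against candidate hosts and the peer-monitoring idea discussed above, as an added simulation that is not part of the thread, of any court document, or of any Tor tooling. The attacker-side functions score each candidate IP by how often cutting its link coincided with the hidden service going unreachable, and compare that against the service's baseline downtime; the operator-side function has several cooperating operators ("peers") probe a watch group of onions from their own vantage points and labels an outage as a likely targeted cut only when every vantage point sees just the target vanish while the rest of the group stays up. Every record below is constructed sample data, the IPs are RFC 5737 documentation addresses, and the onion names and peer names are invented.

```python
"""Simulated 'bounce test' and a peer-monitoring check for it.

Added illustration of the idea discussed in the thread, not code from the
thread or from Tor. All data below is constructed; the IPs are from the
RFC 5737 documentation range and the .onion names are made up.
"""
from collections import defaultdict

# Attacker side. One record per time slot: which candidate IP (if any) had its
# link cut in that slot, and whether a probe of the target hidden service
# succeeded in that slot.  (slot, ip_cut_or_None, hs_reachable)
ATTACKER_LOG = [
    (0, None, True),
    (1, "198.51.100.7", True),
    (2, "198.51.100.9", False),
    (3, None, True),
    (4, "198.51.100.7", True),
    (5, "198.51.100.9", False),
    (6, "198.51.100.12", True),
    (7, "198.51.100.9", False),
    (8, None, False),  # HS down with nothing cut: background noise
]


def bounce_scores(log):
    """Per candidate IP: (number of cuts, cuts during which the HS was down)."""
    cuts, hits = defaultdict(int), defaultdict(int)
    for _slot, ip, reachable in log:
        if ip is None:
            continue
        cuts[ip] += 1
        if not reachable:
            hits[ip] += 1
    return {ip: (cuts[ip], hits[ip]) for ip in cuts}


def baseline_down_rate(log):
    """How often the HS was unreachable regardless of cuts; a hit rate only
    means something if it clearly exceeds this."""
    return sum(1 for _s, _ip, up in log if not up) / len(log)


def best_candidate(log, min_cuts=2):
    """IP whose cuts best predict HS downtime, as (ip, hit_rate), or None.
    min_cuts avoids crowning an IP on a single coincidence."""
    ranked = sorted(
        ((hits / cuts, ip) for ip, (cuts, hits) in bounce_scores(log).items()
         if cuts >= min_cuts),
        reverse=True,
    )
    if not ranked:
        return None
    rate, ip = ranked[0]
    return ip, rate


# Operator side. Cooperating peers probe every onion in a watch group each
# slot from their own vantage point.  slot_label -> {peer: {onion: reachable}}
PEER_OBS = {
    "A": {  # every peer sees only the target down: looks like a targeted cut
        "p1": {"target.onion": False, "other1.onion": True, "other2.onion": True},
        "p2": {"target.onion": False, "other1.onion": True, "other2.onion": True},
        "p3": {"target.onion": False, "other1.onion": True, "other2.onion": True},
    },
    "B": {  # one peer sees everything down: that peer's own connectivity
        "p1": {"target.onion": True, "other1.onion": True, "other2.onion": True},
        "p2": {"target.onion": False, "other1.onion": False, "other2.onion": False},
        "p3": {"target.onion": True, "other1.onion": True, "other2.onion": True},
    },
    "C": {  # a single peer sees only the target down: circuit trouble or noise
        "p1": {"target.onion": False, "other1.onion": True, "other2.onion": True},
        "p2": {"target.onion": True, "other1.onion": True, "other2.onion": True},
        "p3": {"target.onion": True, "other1.onion": True, "other2.onion": True},
    },
}


def classify_outage(slot_obs, target):
    """Label one slot for `target`: 'up', 'network' (the reporting peers lost
    other services too), 'bounce' (all peers agree only the target vanished),
    or 'ambiguous' (vantage points disagree)."""
    down_at = [p for p, seen in slot_obs.items() if not seen[target]]
    if not down_at:
        return "up"

    def others_up(peer):
        return all(up for onion, up in slot_obs[peer].items() if onion != target)

    if all(not others_up(p) for p in down_at):
        return "network"
    if len(down_at) == len(slot_obs) and all(others_up(p) for p in down_at):
        return "bounce"
    return "ambiguous"


if __name__ == "__main__":
    print("attacker scores:", bounce_scores(ATTACKER_LOG))
    print("baseline down rate: %.2f" % baseline_down_rate(ATTACKER_LOG))
    print("best candidate:", best_candidate(ATTACKER_LOG))
    for label, obs in PEER_OBS.items():
        print("slot", label, "->", classify_outage(obs, "target.onion"))
```

In the constructed log, 198.51.100.9 scores 3 hits out of 3 cuts, but the service was also down in 4 of 9 slots overall, so a handful of trials is not decisive on its own; a real test would need many more cuts spread over time before the hit rate stands out from baseline downtime. On the operator side, the "bounce" label only means that several independent vantage points saw the target alone disappear; without enough peers and a watch group of comparable services, an ordinary hosting outage and a targeted cut look the same.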
participants (1): grarpamp