[tor-talk] Content and popularity analysis of Tor hidden services

Eugen Leitl eugen@leitl.org
Thu Sep 5 04:47:23 PDT 2013


----- Forwarded message from Asa Rossoff <asa@lovetour.info> -----

Date: Thu, 5 Sep 2013 04:36:14 -0700
From: Asa Rossoff <asa@lovetour.info>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Content and popularity analysis of Tor hidden	services
X-Mailer: Microsoft Office Outlook 12.0
Reply-To: tor-talk@lists.torproject.org

>From Lunar:
> Eugen Leitl:
>> http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf
>> 
>> Content and popularity analysis of Tor hidden services
> 
> Watch out for dead horses [1] and see the previous discussion [2].
> 
> [1] https://en.wikipedia.org/wiki/Flogging_a_dead_horse
> [2] https://lists.torproject.org/pipermail/tor-dev/2013-May/004909.html

Whether or not all issues were discussed in detail or the same detail in the
prior thread as well as in the paper, I don't know, but the paper has
relevance beyond Tor network flaws:

- It exposes an estimate on how manny hidden services existed at the time of
the study
- It gives a breakdown of what services/some of the services those hidden
services offered.
- It categories HTTP(S) services by content type, which is interesting.

- It describes what resources they required to perform the attack, which
sound relatively modest.

- It highlights the botnet and botnet command and control activity on Tor.

- It describes server configuration issues that allowed easily correlating
the shared hosting of many services
- It describes server configuration issues that allowed easily deanonymizing
the true IP Address of some hidden services.

The last two points are importasnt reminders of some of the pitfalls in
attempting anonymization, and might be good to be documented in the wiki (if
they're not) for setting up hidden services.

The prior points are of social and historic value.
The present situation with massively escalating numbers of Tor users/"users"
highlights the threat that botnets might pose to the Tor network's ability
to function.  A botnet worm of course could also be used to create a
largescale anonymity attack requiring many nodes.

Today's RC just announced does some traffic prioritization which should be a
bandaid for the current problem, but doesn't really address similar issues
in the longterm.  I don't know what solutions to propose, as obviously the
fundamental rule is that this is an anonymous system, and we probably want
to respect net neutrality to the point practical, but more
thought/research/development may have to be done to guard against botnets
threatening the functionality of the Tor network or botnets' potential to
attack the network's anonymity features.

Asa
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



More information about the cypherpunks mailing list