[Cryptography] Are Tor hidden services really hidden?

[rysiek]

Dnia piątek, 7 marca 2014 20:10:53 Steve Furlong pisze:
> On Fri, Mar 7, 2014 at 7:39 PM, Rich Jones <rich at openwatch.net> wrote:
> > Given enough time, your hidden service can be deanonymized
> > 
> > As I stated in a previous thread, I think the key is likely to be to
> > a) redundancy and b) constant movement.
> 
> c) Don't get too big, too complicated, or too fancy. Keep your pages or
> your apps or your web services tightly focused, and not integrated with
> anything that can be stripped out. If you have multiple services, separate
> them logically if not physically, and do not provide the convenience
> feature of automatically logging a user into a second if logs into a first.
> Don't bring in outside JavaScript or stylesheets or images that you can
> avoid.

With just a few corner cases (but hey, who embeds YT videos on their site, 
srsly) ALL external JS/CSS/images/fonts/etc can be avoided. And should be 
avoided.

You need to use a particular library or image resource? Keep these on your 
server and serve them from there.

Can't legally do that? Find other media or libraries instead.

Want to use Google Analytics? Why don't you have a seat over there.
Over there.

> This is not specific to hidden TOR services, or to the blacknet, or to
> selling drugs by mail.

Indeed.

-- 
Pozdr
rysiek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 316 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20140308/27bbd541/attachment-0001.sig>