[Cryptography] Are Tor hidden services really hidden?

Griffin Boyce griffin at cryptolab.net
Fri Mar 7 15:38:40 PST 2014

John Young wrote:
> "Also keep in mind that there are no confirmed on the record cases to
> date of a Tor 'break/weakness' having been used to find a user. It
> appears to be only user error."
> One of the perdurable claims of comsec promoters is that comsec
> breaks and weaknesses inevitably turn out to be user errors. Exactly
> who the fictitious user is remains obscure but assuredly means
> somebody other than the comsec promoter user who inevitably
> offers a greatly improved product, trust them.

  If your hidden service isn't a clusterfuck of unpatched Apache and
sketchy PHP scripts, then it's not likely to get taken down or located. 
If you're a terrible webmaster, you're obviously running a huge risk
with running a website, even if it is a hidden service.  Tor isn't
magic.  It can't magically make a terrible website awesome.  It just
adds additional security -- it can't be the *entire* security plan.

