[Cryptography] Are Tor hidden services really hidden?
griffin at cryptolab.net
Fri Mar 7 15:38:40 PST 2014
John Young wrote:
> "Also keep in mind that there are no confirmed on the record cases to
> date of a Tor 'break/weakness' having been used to find a user. It
> appears to be only user error."
> One of the perdurable claims of comsec promoters is that comsec
> breaks and weaknesses inevitably turn out to be user errors. Exactly
> who the fictitious user is remains obscure but assuredly means
> somebody other than the comsec promoter user who inevitably
> offers a greatly improved product, trust them.
If your hidden service isn't a clusterfuck of unpatched Apache and
sketchy PHP scripts, then it's not likely to get taken down or located.
If you're a terrible webmaster, you're obviously running a huge risk
with running a website, even if it is a hidden service. Tor isn't
magic. It can't magically make a terrible website awesome. It just
adds additional security -- it can't be the *entire* security plan.
More information about the cypherpunks