[tor-talk] How secure is a hidden service?

grarpamp grarpamp at gmail.com
Sat Feb 22 20:40:27 PST 2020


Tor Project sometimes censors and manages speech on its mailing lists
from some various facts, alternative points of view, free and open
convo, news journalist articles, inquiry, critique of Tor Project itself, etc...
Perhaps some of the links below may be of interest or merit, or
even be nothing but utter nonsense indeed... decide as desired.


Busts often have press releases, case docs, and community threads
that can be read for info on, and suspicious gaps in stories of,
how onions were found. Also look for cases that got dismissed;
things can appear strange in them too.

http://dreadditevelidot.onion/post/f7f0b5bc445630301df6
https://www.gwern.net/docs/sr/2020-flugsvamp-docs-FUP_B_13010-18.tar.xz


Some of the public research and exploit whitepapers
against hidden services are listed here...

https://www.freehaven.net/anonbib/


Here are some articles, blogs, threads, links to links, and
so forth that may have other papers and info of interest...

https://restoreprivacy.com/tor/
http://darknetq7skv7hgo.onion/
https://old.reddit.com/r/TOR/comments/7lt954/ddos_related_deanonymization_techniques/
https://www.hackerfactor.com/blog/index.php?/categories/19-Tor
https://trac.torproject.org/projects/tor/ticket/19794
https://old.reddit.com/r/onions+tor/
https://lists.cpunks.org/pipermail/cypherpunks/2020-February/079289.html
https://lists.cpunks.org/pipermail/cypherpunks/2019-November/077834.html
https://www.gwern.net/DNM-arrests
https://www.gwern.net/DNM-survival
https://surveillancevalley.com/blog/fact-checking-the-tor-projects-government-ties


These two messages were replied directly to the
Tor Project mailing lists; both were censored by the
Tor Project and thus never appeared there for users
to consider and/or talk about...

https://lists.cpunks.org/pipermail/cypherpunks/2020-February/079419.html
https://lists.cpunks.org/pipermail/cypherpunks/2020-February/079417.html


How hidden are the hidden services of any of today's
overlay networks? One answer is as old as humanity...
Perhaps that depends on how badly they want to find you.


On 2/22/20, Robin Lee <robinlee at mailbox.org> wrote:
> On Fri, 2020-02-21 at 05:41 -0500, Roger Dingledine wrote:
>> On Thu, Feb 20, 2020 at 07:25:32AM +0100, Robin Lee wrote:
>> > I'm wondering how hidden a hidden service actually is? Because last
>> > week charges were brought against Flugsvamp, a Swedish darknet drug
>> > shop. In the documents made public for the court case the police
>> > states that it was able to trace the actual ip-addresses of the
>> > onion-addresses. Flugsvamp had two onion-addresses and the police
>> > gave different probabilities that a certain ip-address was behind each.
>> >
>> > Is it just a function of time and amount of traffic, i.e. the longer
>> > you are online and the more traffic you generate, the more probable
>> > it is to discover the true ip-address?
>>
>> It's complicated.
>>
>> I should start out with saying I'd never heard of Flugsvamp until your
>> email, and I have no notion of whether they used Tor or what. That said:
>>
>> Services on the internet are inherently harder to make safe than clients,
>> (a) because they stay at the same place for long periods of time, and
>> (b) because the attacker can induce them to generate or receive traffic,
>> in a way that's harder to reliably do to clients.
>>
>> Most identification problems with Tor users, and with onion services,
>> have turned out to be opsec mistakes, or flaws in the application
>> software at one end or the other. That is, nothing to do with the Tor
>> protocol at all. But of course in the "layers of conspiracy" world we
>> live in nowadays, you can never be quite sure, because maybe "they"
>> used a complex attack on Tor and then covered it up by pointing to an
>> opsec flaw. One hopefully productive way forward is to point out that
>> even if we don't know how every successful attack really started, we
>> know that opsec flaws are sufficient to explain most of them.
>>
>> When I'm doing talks about Tor these days, I list these four areas
>> of concern, ordered by how useful or usable they are to attackers in
>> practice: (1) Opsec mistakes, (2) Browser metadata fingerprints / proxy
>> bypass bugs, (3) Browser / webserver exploits, and (4) Traffic analysis.
>>
>> See e.g. the original story about Farmer's Market:
>> https://blog.torproject.org/trip-report-october-fbi-conference
>> where at first people worried about a vulnerability in Tor, but then it
>> turned out that the operators had been identified and located far before
>> they even switched to using Tor.
>>
>> To make this thread more productive and more concrete: can you point us
>> to these "documents made public for the court case"? Even if they're in
>> Svenska, they would still be useful to look at. The ones talking about
>> probabilities of IP address I mean.
>
> These documents are available at
> https://minfil.com/bbu3q0Y4ne/FUP_B_13010-18_zip
>
> Page 103 in the file 'Stockholms TR B 13010-18 Aktbil 202.pdf' contains
> a short PM about the tracing.
>
> It is a vast set of documents, but as far as I've been able to tell
> identifying the VPS-servers behind the onion-addresses was the first
> step.