Hi All,
The recent thread on ColoCrossing nodes[1] has gotten me wondering about the current state of HSDir attacks on hidden sites my web searching has only turned up some articles that are a few years old.
Is it really still the case that spending a little time crafting the "right" finger prints i sall it takes for an adversary to reliably host the HSDir for a given hidden service? Well and 4-5 days uptime...
Assuming the new ColoCrossing nodes are maliciously target ina particular hidden service is it just their sloppiness of putting them all up in the same place over a short period rather than in a slower and more widely distributed manner the only thing that prevented them from acheving their unmasking goals?
Seems like it would be trivial for even a moderately funded attacker to put up 16-32 nodes across a similar number of hosting providers, https://www.terraform.io framework for example seems to support about 37 different "cloud providers" so finding that number of unique providers isn't really hard. If they also set them up at semirandom intervals over the course of a month or so who could ever tell?
-Jon