[tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization"

Micah Lee micahflee at riseup.net
Mon May 27 18:39:06 UTC 2013


On 05/23/2013 07:18 PM, Tom Ritter wrote:
> RPW's, et al's paper was made public today, and demonstrates several
> practical attacks on Hidden Services.
> http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
> 
> I was wondering if there were any private trac tickets, discussions,
> or development plans about this that might be also be made public.
> 
> -tom

Hi, I'm writing a blog post about these new attacks and how they affect
document leak services such as Strongbox
(http://www.newyorker.com/strongbox/) that rely on hidden services.

Would it be fair to say that using the techniques published in this
paper an attacker can deanonymize a hidden service?

Based on this thread it looks like there are several open bugs that need
to be fixed to prevent these attacks. It seems to be that hidden
services still have advantages to leak sites (sources are forced to use
Tor, end-to-end crypto without relying on CAs), but for the time being
the anonymity of the document upload server isn't one of them. Is this
accurate, and is there any estimate on how long do you think this will
be the case? Months, years?

-- 
Micah Lee
@micahflee

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130527/2bb259dc/attachment.pgp>


More information about the tor-dev mailing list