[tor-dev] CVE-2020-8516 Hidden Service deanonymization

Paul Syverson paul.syverson at nrl.navy.mil
Tue Feb 4 21:30:30 UTC 2020


On Tue, Feb 04, 2020 at 04:15:23PM -0500, David Goulet wrote:
> On 04 Feb (19:03:38), juanjo wrote:
> 
[snip]
> 
> And the reason for private nodes is probably because this way you eliminate
> noise from other tor traffic so _anything_ connecting back to your ORPort is
> related to the onion service connections you've done. You don't need to filter
> out the circuits with some custom code (which is very easy to do anyway).
> 
> That is unfortunately a problem that onion services have. These types of guard
> discovery attacks exist and they are the primary reason why we came up with
> Vanguards a couple of years ago:
> 
> https://blog.torproject.org/announcing-vanguards-add-onion-services
> 

Indeed. Just to underscore the point: we demonstrated those attacks
in the wild and proposed versions of vanguards in the same work where
we introduced guards in the first place, published way back in 2006.

> But one thing for sure, simply forcing rendezvous points to be part of the
> consensus will _not_ fix this problem as it is fairly easy to pull this type
> of attack by simply using a normal relay within the consensus.
> 
+1

aloha,
Paul