Obfuscated URLs?

Martin Fick mogulguy at yahoo.com
Tue Jun 30 18:47:33 UTC 2009

Obfuscated URL Paths?

Would it be possible to create a URL or some longer string that 
describes a hidden path through the tor network to a specific 
hidden URL and to implement a routing mechanism to access 
documents (files) using this "Obfuscated URL"?

I am fully aware of hidden services, and I am suggesting something 
that I think is quite different.  I am suggesting a way to point 
someone to a file on the normal non-hidden internet without 
telling them where I am pointing to!  

I envision an onion encrypted URL along with the exact path through 
tor (the three hops) also onion encrypted.  This would be similar 
to the way a client normally wraps requests through tor, but the 
wrapping would happen up front and then the wrapper would become 
the "Obfuscated URL" which could be handed off to someone else 
obfuscating both the path through tor and the final destination to 
the person receiving the "Obfuscated URL".  

Obviously, this would not allow a user to chose their own route 
through tor to maintain anonymity according to their standards,
so allowing them to route through 3 original nodes before using 
the obfuscated URL inside the tor network might be necessary.
This I believe should be similar to the way accessing hidden
services works (3 hops in, 3 hops out).

The hard part is that it seems like it would also be necessary
to layer a document fetching mechanism ontop of tor instead of 
simply wrapping TCP to make this effective though?  If not,
obfuscating the URL from the fetcher is likely to be useless since 
end point servers are likely to divulge their locations via most 
protocols (headers...).  Would there be an easier way, to avoid 
this disclosure than creating a new fetching protocol?  Perhaps, 
by adding a built-in simple obfuscating proxying mechanism such 
as polipo on the exit side?

The intent of the Obfuscated URL would not necessarily be to 
maintain long term obfuscation of the URL (could it?), but at 
least to be the basis of a mechanism that would allow users to 
publish hard to censor anonymous content without a hidden service.  
Perhaps the user changes the hidden location every now and then 
in case the real URL is eventually disclosed, but it the 
obfuscation mechanism works for a long enough time, in some case, 
this might be a lot easier and safer than using a hidden service 
(easier to change the location, ability to use free web space 
anonymously...).  Of course, I neglected to mention how the 
user would publish their obfuscated URLs in the first place, 
but that problem exists with onion URLs also?

Any thoughts?  Crazy, useless, impossible...




More information about the tor-talk mailing list