[tor-talk] How easy are Tor hidden services to locate?

Juan Garofalo juan.g71 at gmail.com
Wed Mar 6 18:46:51 UTC 2013


At 04:53 AM 3/6/2013 -0500, you wrote:
>On Wed, Mar 06, 2013 at 01:12:47AM -0600, Anthony Papillion wrote:
>> I'm involved in a project that will ultimately run a website as a
>> hidden service.  Because of the content if the site (not child porn
>> or gambling) we're concerned about how easy a Tor connected server
>> is to find.
>
>Hidden services are definitely weaker than regular Tor circuits, a)
>because the adversary can induce them to speak,


        Care to elaborate on that? You mean timing attacks (based on the fact that hidden servers 'speak' to clients?) ? Or the owner of the service leaking information about himself by mistake? Or?



> and b) because they stay
>at the same place over time. Mostly 'a'.
>
>That said, there are plenty of hidden services out there, and few
>stories of people breaking their anonymity by breaking Tor. So they're
>not foolproof for sure, but they're also not trivial to deanonymize.
>
>I'll turn it around, and ask "easy compared to what?"
>
>> Also, are there best practices to securely hosting a
>> server on Tor?
>
>I wrote some suggestions on the second-to-last bullet point of
>https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police
>A lot of it depends on your expected adversary, and on how much you care.
>
>--Roger
>
>_______________________________________________
>tor-talk mailing list
>tor-talk at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk 



More information about the tor-talk mailing list