[tor-talk] How easy are Tor hidden services to locate?
Webmaster
webmaster at felononline.info
Wed Mar 6 20:02:53 UTC 2013
"That said, there are plenty of hidden services out there, and few
stories of people breaking their anonymity by breaking Tor. So they're
not foolproof for sure, but they're also not trivial to deanonymize. "
Could you elaborate on this? I have not found a story where "tor" was
broken to find a site. I have found were the site itself was broken..
SQL injection, open ports, bad setups...etc.
On 03/06/2013 04:53 AM, Roger Dingledine wrote:
> On Wed, Mar 06, 2013 at 01:12:47AM -0600, Anthony Papillion wrote:
>> I'm involved in a project that will ultimately run a website as a
>> hidden service. Because of the content if the site (not child porn
>> or gambling) we're concerned about how easy a Tor connected server
>> is to find.
> Hidden services are definitely weaker than regular Tor circuits, a)
> because the adversary can induce them to speak, and b) because they stay
> at the same place over time. Mostly 'a'.
>
> That said, there are plenty of hidden services out there, and few
> stories of people breaking their anonymity by breaking Tor. So they're
> not foolproof for sure, but they're also not trivial to deanonymize.
>
> I'll turn it around, and ask "easy compared to what?"
>
>> Also, are there best practices to securely hosting a
>> server on Tor?
> I wrote some suggestions on the second-to-last bullet point of
> https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police
> A lot of it depends on your expected adversary, and on how much you care.
>
> --Roger
>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
More information about the tor-talk
mailing list