[tor-talk] How easy are Tor hidden services to locate?

Roger Dingledine arma at mit.edu
Wed Mar 6 22:13:23 UTC 2013

On Wed, Mar 06, 2013 at 03:46:51PM -0300, Juan Garofalo wrote:
> >Hidden services are definitely weaker than regular Tor circuits, a)
> >because the adversary can induce them to speak,
> Care to elaborate on that? You mean timing attacks (based on the fact
> that hidden servers 'speak' to clients?)? Or the owner of the service
> leaking information about himself by mistake? Or?

When you're a Tor client, you only use the Tor network when you choose
to access it (e.g. by trying to fetch a web page). So if the attacker has
some attack that works only a very small percentage of time, they have to
wait for you to initiate connections.

But for a hidden service, they can cause you to initiate a connection just
by visiting the hidden service. And they can do it as often as they want.

See http://freehaven.net/anonbib/#hs-attack06 for the original paper about
this topic (and the reason we implemented entry guards).

And then see http://freehaven.net/anonbib/#wpes12-cogs for a more recent
example. The goal of that paper is to understand how long it takes in
normal operation (with entry guards going offline and being replaced)
before a typical user touches an adversary-controlled guard node. For
simplicity, the paper assumes that you use your guards every minute of
every day for however many weeks or months it takes. A realistic user
doesn't do that, so the paper overestimates the risk. But a realistic
hidden service *would* do that, if the adversary caused it to.

