[tor-talk] How easy are Tor hidden services to locate?

[mirimir]

On Wed, 6 Mar 2013 04:53:05 -0500, Roger Dingledine wrote:

> Hidden services are definitely weaker than regular Tor circuits,
> a) because the adversary can induce them to speak, and b)
> because they stay at the same place over time. Mostly 'a'.

On Wed, 6 Mar 2013 17:13:23 -0500, Roger Dingledine added:

> But for a hidden service, they can cause you to initiate a
> connection just by visiting the hidden service. And they can
> do it as often as they want.

I agree with tor at x...x (on Wed, 06 Mar 2013 21:34:29 +0000)
that separating hidden services from Tor clients on different
machines (virtual or better, physical) prevents them from
finding their IP addresses, even if they are compromised.

However, as Roger notes, hidden services typically do "stay
in the same place". And adversaries can of course "induce
them to speak", "as often as they want" (and in whatever
patterns that they specify).

Even so, if there are multiple hidden service instances with
the same credentials, clients will get whichever instance has
announced most recently. Also, given that hidden services and
Tor clients are running on different machines, one hidden
service machine could access multiple Tor client machines over
back channels such as VPNs, Tor and/or I2P. Alternatively, or
in addition, multiple hidden service machines could rely on
back-end data stored in globally distributed and redundant
fashion (using Tahoe-LAFS, for example) and accessed over
various back channels.

In that way, hidden services could move, either randomly or
in response to suspected attacks. And the data that they
serve would not originate in one particular place. Also,
being stored in globally distributed and redundant fashion,
the data would be very hard to identify and eliminate.

What have I missed?