[tor-talk] Anonymity of Leaking Servers (Was Re: [tor-dev] "Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization")

Tom Ritter tom at ritter.vg
Tue May 28 00:41:38 UTC 2013


On 27 May 2013 14:39, Micah Lee <micahflee at riseup.net> wrote:

> Would it be fair to say that using the techniques published in this
> paper an attacker can deanonymize a hidden service?
>
> ...but for the time being
> the anonymity of the document upload server isn't one of them.


Switching to tor-talk.

Is that important for Strongbox?  I don't think Strongbox's threat model
needs the document upload server to *be* anonymous.  Strongbox is run by
the New Yorker.  If you want to find their upload server, just look at all
the IP ranges the New Yorker leases.  Or subpoena them, or serve them with
a warrant.

If you were talking about Wikileaks, I might agree - it might be important
for them for their servers to be anonymous.  But then again, it apparently
*wasn't* because IIRC they never ran a document upload service soley on a
HS.  (They may have run one, but everything was also available on the
general 'net, again, IIRC).

I think for all (or most?) of the document leaking services we've seen so
far, the anonymity of the server isn't terribly important, it's the
security & anonymity of the sender that must be preserved at all costs.  In
that regard, HS are still good, because as you said "sources are forced to
use Tor, [with] end-to-end crypto without relying on CAs".

-tom


More information about the tor-talk mailing list