[tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

Mirimir mirimir at riseup.net
Thu Jun 26 05:09:14 UTC 2014


On 06/25/2014 09:17 PM, Mark McCarron wrote:

> Hidden hosting and general usage of Tor are, in functional terms, the
> same thing.

What exactly do you mean by that? It's true that any Tor user can host a
hidden service. But few people, even experienced web engineers, know
enough to do it securely enough. Also, hidden services are far more
vulnerable than Tor users, simply because they serve stuff.

> I remember the issue with Freedom hosting, but that is long ago now
> and this downward trend is still continuing. So, no, I am not buying
> that this is a product of people being spooked. Many of these sites
> arrived or remained even after the Freedom Hosting bust.

Police are still leveraging the Freedom Hosting bust, I think. It takes
time for cases to mature, and for defendants to plea bargain. Some
defendants become informants, as Monsegur (Sabu) did re LulzSec. And
informants sometimes operate for many years.

> I think everyone needs to stop looking for excuses and start
> examining why this is happening and fix it.  Otherwise, this project
> is a waste of time.

As far as I know, no hidden service site has ever been compromised
through an inherent weakness of Tor. Am I wrong in saying that?

> Regards,
> 
> Mark McCarron
> 
>> Date: Wed, 25 Jun 2014 19:15:26 -0600 From: mirimir at riseup.net To:
>> tor-talk at lists.torproject.org Subject: Re: [tor-talk] Illegal
>> Activity As A Metric of Tor Security and	Anonymity
>> 
>> On 06/25/2014 03:56 PM, Mark McCarron wrote:
>>> Basically, I keep a track of site numbers year-on-year, site 
>>> availability from 3rd party monitoring and read comments on
>>> forums and chat.  From what I can gather, most of these sites
>>> were suspected of being honeypots due to their tendency to remove
>>> anything rape/violence related.  That is, they appeared sanitised
>>> in some way. Then all of sudden, they started disappearing.  Some
>>> were connected with major busts of hosting providers, others
>>> without any indication what happened.
>> 
>> I believe that most of the hidden-service sites that you allude to
>> were on Freedom Hosting. Also, recall that the Freedom Hosting
>> operation involved the deanonymization of many site operators and
>> visitors. As a result, many other sites were likely compromised in
>> cascade.
>> 
>>> Whilst it may be good in some sense, it states that Tor is
>>> failing in its primary task of promoting freedom through
>>> anonymity.  In fact, it would seem that Tor is having the
>>> opposite effect, silencing everyone through fear.  Certainly,
>>> some of this comes down to poor security practices, but that
>>> cannot explain the scale of what has happened.
>>> 
>>> So, the question remains, what is wrong with the Anonymity and 
>>> Security of Tor?  The software is compromised in some fashion and
>>> we need to understand this.
>> 
>> You conflate "Tor" with hidden services. Hosting hidden services 
>> securely is indeed a nontrivial endeavor. But that doesn't speak to
>> the anonymity that Tor provides for its users.
>> 
>>> Regards,
>>> 
>>> Mark McCarron
>> 
>> <SNIP>
>> 
>> -- tor-talk mailing list - tor-talk at lists.torproject.org To
>> unsubscribe or change other settings go to 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> 


More information about the tor-talk mailing list