[tor-talk] Operation Onymous Technical Explanation?

aka akademiker1 at googlemail.com
Wed Apr 6 00:50:46 UTC 2016


CANNON NATHANIEL CIOTA:
> Seeking technical information on how hidden services were de-anonymized
> and what updates to the HS protocol were applied as a mitigation.
> Thanks,

A protocol flaw allowed Guard-node and Exit-node (or that thing that
does rendezvous, forgot the name) to talk to each other over a "hidden
information line" on one Tor circuit. Guard-node knows the real IP,
Exit-node knows traffic + destination IP or in the case of hidden
services, the destination onion.
If both nodes were attacker-controlled, they talked to each other via
that information line, using some weird Tor control messages which were
somehow transparently transported on the whole circuit.
Torproject disabled that weird control message and included a detection:
if any Tor client notices someone still using it, it creates a log
message with the instruction to notify Torproject.

