[Cryptography] Are Tor hidden services really hidden?

Tom Ritter tom at ritter.vg
Thu Feb 13 18:24:14 EST 2014


On 13 February 2014 09:04, Phillip Hallam-Baker <hallam at gmail.com> wrote:
> What I find rather confusing is the idea that hiding a service rather than a
> client is feasible. Tor is vulnerable to traffic analysis as the Harvard
> bomb threat proved. The student responsible was discovered because his
> IP/MAC address was one of only five using Tor on Harvard campus at the time.

Hiding a server is of course much harder than hiding a client.  But
clients can also be servers - Facebook chat, for example, turns anyone
into a server that can be contacted with variable length messages at the
attacker's leisure.


> Tor is very good at preventing the authorities from seeing which sites a
> person in Iran is contacting outside Iran. So it is a very powerful
> anti-censorship tool. But use of Tor for criminal purposes is an obvious
> concern for the authorities and it is fairly easy for them to set up Tor
> nodes. So I have always assumed that at least 50% of the nodes in Tor are
> operated by LE and intel agencies.

Lots of people assume this, but it doesn't seem to bear out well.
Besides the NSA docs that expose their lack of interest in doing so,
visit here: https://metrics.torproject.org/bubbles.html#contact-exits-only
While there's a large 'unknown' percentage - most of these large
bubbles are people that the Tor Project is in close contact with and
the community knows personally.

> They may not be able to see the actual
> traffic but they can certainly see IP addresses and an IP address only has
> meaning if there are BGP routes pointing packets towards it.

An entry node knows who is talking, but not to whom. A middle node
knows no IP addresses. An exit node knows the recipient IP but not the
origin.  So I'm not sure what you mean by seeing IPs, but they are
unable to see sender and receiver IPs unless they operate both the
start and end node. This is a tagging attack (active) or a traffic
confirmation attack (passive).  It's difficult to achieve, as Tor uses
entry guards to lower the probability of achieving the entry node.


> So from a technical point of view it seems to me that the 'dark net' cannot
> possibly exist but there seem to be many people betting they can stay out of
> jail on the belief it does.
>
> Is this just an example of wishful thinking or is there something else at
> play?


It depends on your model. If you're saying a Globally Passive
Adversary can de-anonymize low latency connections - and thus the dark
net can't exist: I would agree with you.  If you're saying "Tor Hidden
Services can never provide a level of protection against automatic
wide-scale de-anonymization attacks by a government TLA" - I'll
disagree and start diving into specifics with you.

-tom
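
The entry-guard point in the message above, worked through numerically as an added example (not part of the original email or of Tor's code). It assumes a simplified model: the adversary controls a fraction c of relay selection probability at both the entry and exit positions, a client builds n circuits, and a guard set of g relays is picked once and never rotated; all function names are hypothetical.

```python
import random
from math import comb

def p_no_guards(c, n):
    """P(some circuit among n has adversarial entry AND exit) when the
    entry relay is re-drawn for every circuit (assumed model)."""
    return 1 - (1 - c * c) ** n

def p_with_guards(c, n, g):
    """Same probability when every circuit enters through one of g guards
    chosen once up front (assumed: uniform choice, no rotation)."""
    total = 0.0
    for k in range(g + 1):                  # k = adversarial guards in the set
        p_k = comb(g, k) * c**k * (1 - c) ** (g - k)
        per_circuit = (k / g) * c           # bad guard picked, then bad exit
        total += p_k * (1 - (1 - per_circuit) ** n)
    return total

def simulate(c, n, g, trials, seed=1):
    """Monte Carlo check of the closed forms; g=0 means no guards."""
    rng = random.Random(seed)               # seeded so the run is repeatable
    hits = 0
    for _ in range(trials):
        guards = [rng.random() < c for _ in range(g)]
        for _ in range(n):
            entry_bad = rng.choice(guards) if g else rng.random() < c
            if entry_bad and rng.random() < c:   # exit re-drawn per circuit
                hits += 1
                break
    return hits / trials

if __name__ == "__main__":
    c, g = 0.10, 3                           # constructed sample values
    for n in (1, 10, 100, 500):
        print(f"n={n:4d}  no guards={p_no_guards(c, n):.3f}  "
              f"guards={p_with_guards(c, n, g):.3f}")
```

In this model a single circuit is equally likely to be compromised either way (c squared); guards stop that risk from accumulating across circuits, capping it at the chance that the guard set contains an adversarial relay, 1 - (1 - c)^g.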

