[Cryptography] Are Tor hidden services really hidden?

John Kelsey crypto.jmk at gmail.com
Sun Mar 2 08:22:00 EST 2014


> On Feb 14, 2014, at 4:19 PM, Phillip Hallam-Baker <hallam at gmail.com> wrote:

...
> Underestimating the determination of the authorities to locate and destroy online drugs marketplaces seems to be a habit of these people. At this point there are more markets on the list of 'failed/scam' sites than are operating on the http://www.deepdotweb.com/ list.

Just as an aside, I strongly suspect the motivation to shut down online drug dealing and related stuff is:

a.  Rather weakly correlated with how much drugs are sold online via these services.

b.  Completely uncorrelated with externalities of selling the drugs online (which probably involves a lot less collateral damage to the world as a whole).

c.  Very strongly correlated with the amount of press coverage that the online drug dealing sites get.  

Once bitcoin and anonymous online merchants got into the New York Times and onto CNN, some kind of response from the authorities was inevitable.  

> It could be that they are all being found because they are making stupid mistakes like sending email which has to go outside the Tor system because of the spam controls. But it wouldn't surprise me if we later find that there are tens of thousands of NSA/GCHQ run nodes. The Snowden papers we have that express concern at the difficulty of Tor intercepts are rather old. Knowing that the NSA could not solve a problem due to lack of resources three years ago would make me conclude they now have the necessary resources rather than it isn't a problem.

One lesson from the Users Get Routed paper was that an attacker willing to put significant resources in (significant from the perspective of a medium sized company; roundoff error in NSA's black budget) can probably deanonymize most Tor users within a few months.  Some of the leaked Snowden documents I've seen reported on have said that Tor was causing NSA/GCHQ problems.  If so, either they haven't yet gotten the resources allocated, or the attacks are a lot harder than the paper assumes.  Or it's disinformation put into a slide presentation that Snowden found.  Or it's out of date.  Or the people at NSA working on cracking Tor anonymity just weren't all that clever.  Or....

I think a fundamental problem which you see in Tor and Wikipedia and a lot of other wonderful bits of our world is that they're run on donated labor and resources.  That means that an attacker with pretty modest resources can have a huge impact on those projects, for good or ill, by just hiring people to volunteer or donating resources.  

--John 