The hits just keep on coming. And by "hits" I mean data showing how weak the Tor network is.

http://cryptome.org/2013/09/tor-analysis-hidden-services.pdf

ABSTRACT

Tor hidden services allow running Internet services while protecting the location of the servers. Their main purpose is to enable freedom of speech even in situations in which powerful adversaries try to suppress it. However, providing location privacy and client anonymity also makes Tor hidden services an attractive platform for every kind of imaginable shady service. The ease with which Tor hidden services can be set up has spurred a huge growth of anonymously provided Internet services of both types. In this paper we analyse the landscape of Tor hidden services. We have studied Tor hidden services after collecting 39824 hidden service descriptors on 4th of Feb 2013 by exploiting protocol and implementation flaws in Tor: we scanned them for open ports; in the case of HTTP services, we analysed and classified their content. We also estimated the popularity of hidden services by looking at the request rate for hidden service descriptors by clients. We found that while the content of Tor hidden services is rather varied, the most popular hidden services are related to botnets.

They turned the Trawling for Hidden Services attack on the users, as we predicted could be done.

5. TRACKING CLIENTS

In [6], the authors used a specific traffic signature for opportunistic deanonymisation of hidden services. The technique they used can be easily modified for opportunistic deanonymisation of Tor clients.

Assume that an attacker controls a responsible HS directory of a hidden service. Whenever it receives a descriptor request for that hidden service, it sends it back encapsulated in a specific traffic signature which will be then forwarded to the client via its Guard node. With some probability, the client's Guard node is in the set of Guards controlled by the attacker. Whenever an attacker's Guard receives the traffic signature, it can immediately reveal the IP address of the client.

This attack has several important implications. Suppose that we can categorize users on Silk Road into buyers and sellers. Buyers visit Silk Road occasionally while sellers visit it periodically to update their product pages and check on orders. Thus, a seller tends to have a specific pattern which allows his identification. Catching even a small number of Silk Road sellers can seriously spoil Silk Road's reputation among other sellers.

As another application, one can collect IP addresses of clients of a popular hidden service and compute a map representing their geographical location. We have computed such a map for one of the Goldnet hidden services in Figure 3.

An informative commentary on the mailing list:

[T]he paper has relevance beyond Tor network flaws:

- It exposes an estimate on how many hidden services existed at the time of the study.
- It gives a breakdown of what services/some of the services those hidden services offered.
- It categorizes HTTP(S) services by content type, which is interesting.
- It describes what resources they required to perform the attack, which sound relatively modest.
- It highlights the botnet and botnet command and control activity on Tor.
- It describes server configuration issues that allowed easily correlating the shared hosting of many services.
- It describes server configuration issues that allowed easily deanonymizing the true IP Address of some hidden services.