Quote from: kmfkewm on August 10, 2012, 06:53 am
Two instances of Tor. Tor one is the hidden service, Tor two is a normal client. Tor one's torrc uses Tor one as SOCKS proxy. Now circuits look like this:

Hidden Service <-> T2 entry <-> T2 middle <-> T2 exit <-> T1 entry <-> T1 middle <-> T1 final <-> Client's final <-> etc.

Now when the client adds some nodes to Tor and forces the hidden service to open an arbitrary number of circuits, they will trace to T1 entry in a matter of seconds very easily. If they do active DoS attacks against the set of nodes that make up the possible selections for T1 entry, they may be able to own T1 entry. Of course the feds can simply subpoena one of the nodes that is T1 entry and get the information for the node behind it, which, if you use a normal hidden service configuration, will be the hidden server itself. But now they merely obtain T2 exit, and furthermore they cannot continue to do the "force the hidden service to open a billion circuits to trace it back" attack, because T2 is a normal Tor client circuit. Configure the T1 and T2 torrc appropriately to make sure there is no node reuse (or family reuse?) between the instances of Tor.

Latency is doubled, but it should probably prevent the feds from being able to trace hidden services. Right now they either can, or the only thing stopping them is their own stupidity. Will add a donation link to my signature sometime ;).

That's a very interesting idea and probably needs to be tested. Perhaps if you set a test site up and draft Shannon to try and find it. ;)
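Added example (editorial, not from either poster): one way to write the two torrc files for the layout kmfkewm describes, with "Tor two" (T2) as a plain client and "Tor one" (T1) hosting the hidden service and building all of its relay connections through T2's SOCKS port. The port numbers, directories, the local service port and the fingerprints under ExcludeNodes are assumptions; the option names (SocksPort, DataDirectory, HiddenServiceDir, HiddenServicePort, Socks5Proxy, ExcludeNodes, StrictNodes) are standard torrc options.

```text
# --- torrc for "Tor two" (T2): ordinary client, only job is to expose a SOCKS port
# Paths and ports are assumptions for this example.
DataDirectory /var/lib/tor-t2
SocksPort 127.0.0.1:9052
# No HiddenService* lines here: T2 must know nothing about the service.

# --- torrc for "Tor one" (T1): hosts the hidden service, tunnels through T2
DataDirectory /var/lib/tor-t1
# T1 accepts no local SOCKS clients; it exists only to publish the service.
SocksPort 0
HiddenServiceDir /var/lib/tor-t1/hs
# Virtual port 80 on the .onion maps to a local listener (assumed 127.0.0.1:8080).
HiddenServicePort 80 127.0.0.1:8080
# Every OR connection T1 makes (to its entry guards, and so to everything
# beyond them) goes out through T2's SOCKS port, i.e. Tor over Tor.
Socks5Proxy 127.0.0.1:9052
# Keep the two instances from sharing relays, as the post asks for: list T2's
# current entry guards here so T1 never picks them. Tor has no option that
# coordinates this across instances, so the fingerprints must be copied by hand
# from T2's state file (the "Guard" lines in /var/lib/tor-t2/state).
# The two fingerprints below are placeholders, not real relays.
ExcludeNodes $0000000000000000000000000000000000000001,$0000000000000000000000000000000000000002
# Make the exclusion hard: fail rather than fall back to an excluded relay.
StrictNodes 1
```

Start T2 first and wait until it has bootstrapped, then start T1; T1 cannot reach any relay until T2's SOCKS port is answering. The exclusion list only covers T2's guards at the moment it was written, so it has to be refreshed whenever T2 rotates guards. Note also that the Tor project advises against Tor over Tor in general, so this is a configuration to test, as the reply above suggests, not one to deploy unexamined.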