Topic: Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

SeemsLegit

  • Newbie
  • *
  • Posts: 29
  • Karma: +7/-0
This report by Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann seems pretty scary. Especially section VI, C.

"This means that within 8 months, the probability to deanonymize a long-running hidden service by one of these servers becoming its guard node is more than 90%, for a cost of EUR 8280 (approximately USD 11,000)"

Those holes haven't been patched yet, have they?
Amateurs practice until they get it right; professionals practice until they can’t get it wrong

SeemsLegit

  • Newbie
  • *
  • Posts: 29
  • Karma: +7/-0
EUR 82800 is still peanuts, to close SR.
Amateurs practice until they get it right; professionals practice until they can’t get it wrong

SeemsLegit

  • Newbie
  • *
  • Posts: 29
  • Karma: +7/-0
No low latency anonymity network is robust against collaborating intelligence agencies that achieve near global passive adversary status. They don't need to position themselves as entry nodes. They can tap IXPs and AS gateways for much cheaper and watch the connections between Tor clients and all entry nodes.
Well then they potentially need to tap Azerbaijan internet or wherever SR servers are, right? As it stands currently, some random nobody could do it as a fun hobby project. (Assuming I've understood everything correctly)
Amateurs practice until they get it right; professionals practice until they can’t get it wrong

Dread Pirate Roberts

  • Captain
  • Administrator
  • *****
  • Posts: 566
  • Karma: +552/-41
We have read this paper along with the many others currently out and have taken many measures to defend against it, and in fact if you see my post on "Needle in the Haystack" there are solutions to fight against it further too as a community.
Quote 23: Criticism has plucked the imaginary flower from the chain not so that man may continue to bear the chain without consolation or fantasy but so that he may throw off the chain and cull the living flower.

kr-rypt

  • Hero Member
  • *****
  • Posts: 1463
  • Karma: +186/-51
  • why so serious?
We have read this paper along with the many others currently out and have taken many measures to defend against it, and in fact if you see my post on "Needle in the Haystack" there are solutions to fight against it further too as a community.
A true leader :)
Ẅ͔͍̣̩́̾ͨͬ͞H̶̜̳̼̪͍̟̽ͯ̂ͯͬͨ̋̅Ơ̴̯̰̓̒͛̋ͪͮͅ ̷̯̣̘͚͙͇̟̲ͣ̋̃͌͝L͓͚͚͂̊ͮI̪̝͈̞͈͇͕̳͆ͥͧ̉͛V̵͖͓̦͕̝̭̘̯̻̆͟Ẻ̳̝͓͙̜̖̓̊̊̇̑̏́͜S̝̣̺̪͕̙̿ͫ̌͛͗͑ͨ́͞ ̋́҉͇̟̪Ī̷̷͕̥̠̙̭̰̥̜̌̐͆̽ͩ̕N̵̨̠ͦ͑ͦͩ͑ͯ̾̾͢ ̴̨͓̈̾ͣͨͬͪ͠A̷̶̲̱͇̘̘̫͂͐͆ͤ͢ ̒̔ͩͫ̔̆̋ͭ҉̴͚̫P̸̧̝̠̝̓͂̽ͯI̷̝͔̤̋͠N͚̗̐͋̾ͣ̂ͅE̱̰͍̝͂̈́̾̽ͨͧA̮̠̥͎̯̩̩̙ͥ̿̄ͣ̐̃͟ͅP̶̯͙̹͙͚̩̽ͨͪ̄ͣ͗͑̄͘͜P̯̜͈̯ͦͬ͊ͭͩ̌̐̍L̶̛͙̬͚̗̼ͣ̀ͣEͩͯ͂ͪ͑͘͡͝

crackerbarrel

  • Newbie
  • *
  • Posts: 32
  • Karma: +1/-7
Well then they potentially need to tap Azerbaijan internet or wherever SR servers are, right?

Depends on where the entry nodes are. If they are in UK or US, then it doesn't matter where your hidden service is located, they will tap the circuit. Diversifying the network helps. If all paths from your hidden service to the entry nodes are outside of their reach, then they can perform this attack. Reducing entry nodes to 1 increases the cost by another factor of 3. Making a trusted entry node permanent stops the attack completely if the adversary can't compel anyone upstream to cooperate.

What he said.
Loose lips sink ships.

jacob1234

  • Jr. Member
  • **
  • Posts: 89
  • Karma: +31/-1
  • Atomic Physicist
I'm sure the Tor developers are very well aware of anything in that paper and are working on making the software even more secure than the current version.

As for diversifying the network... it's a must. If you can spare the bandwidth or have the money to rent a VPS then do it and help the network out.

kok

  • Jr. Member
  • **
  • Posts: 98
  • Karma: +12/-16
Well then they potentially need to tap Azerbaijan internet or wherever SR servers are, right?

Depends on where the entry nodes are. If they are in UK or US, then it doesn't matter where your hidden service is located, they will tap the circuit. Diversifying the network helps. If all paths from your hidden service to the entry nodes are outside of their reach, then they can perform this attack. Reducing entry nodes to 1 increases the cost by another factor of 3. Making a trusted entry node permanent stops the attack completely if the adversary can't compel anyone upstream to cooperate.

What he said.

It only makes tracing a hidden service a little harder though, because the attacker can still find your entry guard. Tor hidden services can all be traced by LE; it isn't a matter of if they can, it is a matter of how long it will take. It isn't even going to take more than a few months if they really try hard. Tor hidden services are not very anonymous. Neither are I2P hidden services. Low latency hidden services are all weakly anonymous.
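
Added example, not part of any post in this thread and not the paper's own calculation: a small risk model of the guard-count argument above (three rotating guards, one rotating guard, one permanent guard), using the 8-month and 90% figures quoted in the first post. The 30-day rotation period, the independent-pick model, and all function names are assumptions made for illustration.

```python
import math

def rotations(horizon_days, rotation_days):
    """Number of guard sets used over the horizon; None means the set never rotates."""
    if rotation_days is None:
        return 1
    return max(1, math.ceil(horizon_days / rotation_days))

def exposure(share, guards, horizon_days, rotation_days):
    """P(at least one guard picked during the horizon is adversary-run).

    Assumes each pick independently lands on an adversary relay with
    probability `share` (its fraction of guard selection weight).
    """
    picks = guards * rotations(horizon_days, rotation_days)
    return 1.0 - (1.0 - share) ** picks

def share_for_exposure(target, guards, horizon_days, rotation_days):
    """Inverse of exposure(): the share at which exposure reaches `target`."""
    picks = guards * rotations(horizon_days, rotation_days)
    return 1.0 - (1.0 - target) ** (1.0 / picks)

HORIZON_DAYS = 240    # roughly the 8 months quoted in the thread
TARGET = 0.90         # the 90% figure quoted in the thread
ROTATION_DAYS = 30    # assumed rotation period, not taken from the page

POLICIES = [
    ("3 guards, rotating", 3, ROTATION_DAYS),
    ("1 guard, rotating", 1, ROTATION_DAYS),
    ("1 guard, permanent", 1, None),
]

def compare():
    """Share of guard weight needed to hit TARGET under each guard policy."""
    return {
        label: share_for_exposure(TARGET, guards, HORIZON_DAYS, rot)
        for label, guards, rot in POLICIES
    }

if __name__ == "__main__":
    for label, share in compare().items():
        print(f"{label:20s} share needed for {TARGET:.0%} exposure: {share:.1%}")
```

Under these assumptions, going from three guards to one raises the required share by a factor a little under 3, and with a permanent guard the exposure no longer grows with time: it equals the share itself.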