Tor can be de-anonymized claims redditor. Any thoughts?

But LE or other powerful adversaries can deanonymize your HS. Here's how:

Step 1) Discover your guard

Step 2) Compromise your guard via legal or other means

How to discover your guard? It's actually easy. The "trawling for hidden services" paper's researchers last year said they can do it in under an hour.

The TLDR is that every time you connect to a hidden service, you (the client) pick a rendezvous point for the HS to connect to. If you do this a lot, eventually the HS will build a circuit through a node you (the attacker) control. On each connection you send some modulated pattern of traffic. When you see it, you know you're the middle node on the HS's rendezvous circuit, and BOOM you know its guard.

HSes are quite useful against some adversaries but not bulletproof against a sophisticated one. This is not a conspiracy theory; Tor developers will confirm all of this if you ask them. There is work being done to improve them, but ultimately low-latency anonymity is a very difficult problem and operating a service the attacker can contact makes it even harder.

"Copied from torchallenge01"


Comments


[12 Points] KimJongUntouchable:

"I'm Bailey Jay" claims Redditor. Any thoughts?


[2 Points] InsufficientMemory:

I mean destroying the instance.

Cloud providers, like Rackspace, keep records of volume of packets per interface, at 15-minute intervals.

That's it. Not even records of who connected.

That whole, "but they could be monitoring" argument is moot.

If it has only existed for three minutes, then it hasn't been monitored.

It will be burned, or destroyed in memory and removed from storage, before anyone knows to look for it.

"But how can you trust the image that made the VM"?

Because I made it. All of it. And with cloud provisioning, I can double-click a PowerShell script to provision a full infrastructure in a matter of minutes.

This kind of provisioning is more typical of "hacktivist" ops, but it is done for the same reason:

Covering tracks.


[2 Points] The_fire_bird:

It's been discussed several times these last few months... It's scare-mongering bollocks.

The attack successfully shows that you visited a site; it doesn't say what you did on it. You could just be a freelance journalist chatting to different vendors trying to publish some news article.

So whilst the attack is very genuine, its implications have been deliberately hugely exaggerated to try and scare people, so that the police have less work to do...


[1 Points] None:

wtf is "its guard"?


[1 Points] free-agent:

But if all the "sensitive" stuff you send is encrypted... who the fuck cares? Just because you are on Tor and browsing some places doesn't mean shit. Please stop spreading fear among the community here.


[1 Points] AndThenHeSays4:

Use a PIA VPN and public/hacked Wi-Fi and you're OK, no?