All standard clients have the same entry nodes on a permanent basis or as long as the entry nodes are up, while the middle and exit nodes change all the time. This is to reduce the chance of choosing an accidental path that is end-to-end supervised when browsing the WWW.
With hidden services, this isn't needed, since these are end-to-end encrypted connections. The same goes for those who visit hidden services. And randomness is what hidden services need to stay safe.

Because it's generally easy to distinguish clients from servers from the way data is transferred, and check if an IP is in the official Tor nodes list or not, it should be pretty easy to find hidden service clients by using a cluster of bad entry nodes to supervise IP addresses and traffic. With a large enough cluster, like 100-200 bad entry nodes, all new hidden services will have a 5-10% x3 chance to select a permanent bad entry node. Old hidden services may already have chosen a bad one, or will have the same 5-10% chance for each new entry node they select if their regular nodes go down. It's just a matter of analyzing timings and traffic, and the hidden service's IP could be found. This only regards listed hidden services, but I guess most are.

Since hidden services don't need to stick to the same entry nodes, the Tor developers should really consider making the Tor client randomly choose entry nodes, just as with middle and exits, for hidden service usage. It should be easy to add and it will increase the security of hidden services greatly by adding lots of randomness.

_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
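A small model of the selection odds discussed in the message above, added here as an example; it is not part of the original post and not Tor's code. It assumes uniform selection of entry nodes (real Tor weights relays by bandwidth), three entry nodes as in the post's "x3", and the hypothetical names `exposure_closed_form` and `simulate`; it compares keeping the same entry nodes, with optional replacement when one goes down, against picking a fresh entry node for every circuit.

```python
import random

def exposure_closed_form(bad_fraction, picks):
    """P(at least one bad entry node in `picks` independent uniform picks)."""
    return 1.0 - (1.0 - bad_fraction) ** picks

def simulate(bad_fraction, circuits, policy, guards=3, churn=0.0,
             trials=5000, seed=1):
    """Fraction of simulated services that ever hold a bad entry node.

    policy="sticky":      keep `guards` entry nodes; each one is replaced
                          with probability `churn` per circuit (node went down).
    policy="per_circuit": pick one fresh entry node for every circuit.
    All parameters are constructed for illustration, not measured values.
    """
    rng = random.Random(seed)

    def pick_is_bad():
        return rng.random() < bad_fraction

    exposed = 0
    for _ in range(trials):
        if policy == "sticky":
            held = [pick_is_bad() for _ in range(guards)]
            hit = any(held)
            for _ in range(circuits):
                if hit:
                    break
                for i in range(guards):
                    if rng.random() < churn:
                        held[i] = pick_is_bad()
                hit = any(held)
        elif policy == "per_circuit":
            hit = any(pick_is_bad() for _ in range(circuits))
        else:
            raise ValueError("unknown policy: %r" % policy)
        exposed += hit
    return exposed / trials

if __name__ == "__main__":
    for f in (0.05, 0.10):  # the 5-10% range from the post
        print("bad fraction %.2f" % f)
        print("  sticky, closed form      %.3f" % exposure_closed_form(f, 3))
        print("  sticky, 1%% churn, sim    %.3f"
              % simulate(f, 100, "sticky", churn=0.01))
        print("  per circuit, 100 circuits %.3f"
              % simulate(f, 100, "per_circuit"))
```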
