On Wed, Mar 06, 2013 at 03:46:51PM -0300, Juan Garofalo wrote: > >Hidden services are definitely weaker than regular Tor circuits, a) > >because the adversary can induce them to speak, > > Care to elaborate on that? You mean timing attacks (based on the fact >that hidden servers 'speak' to clients?) ? Or the owner of the service >leaking information about himself by mistake? Or?
When you're a Tor client, you only use the Tor network when you choose to access it (e.g. by trying to fetch a web page). So if the attacker has some attack that works only a very small percentage of time, they have to wait for you to initiate connections. But for a hidden service, they can cause you to initiate a connection just by visiting the hidden service. And they can do it as often as they want. See http://freehaven.net/anonbib/#hs-attack06 for the original paper about this topic (and the reason we implemented entry guards). And then see http://freehaven.net/anonbib/#wpes12-cogs for a more recent example. The goal of that paper is to understand how long it takes in normal operation (with entry guards going offline and being replaced) before a typical user touches an adversary-controlled guard node. For simplicity, the paper assumes that you use your guards every minute of every day for however many weeks or months it takes. A realistic user doesn't do that, so the paper overestimates the risk. But a realistic hidden service *would* do that, if the adversary caused it to. --Roger _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk