>From grarpamp: > On 9/5/13, Asa Rossoff <[email protected]> wrote: >> - It exposes an estimate on how many hidden services existed at the time >> of the study >> - It gives a breakdown of what services/some of the services those hidden >> services offered. >> - It categories HTTP(S) services by content type, which is interesting. >> - It describes server configuration issues that allowed easily correlating >> the shared hosting of many services >> - It describes server configuration issues that allowed easily >> deanonymizing the true IP Address of some hidden services. > > Forgoing the nonpublished services largely used only by their creators, > all the above regarding the publicly known services have been going > on in the wikis and other onionland metaprojects for many years.
Hello grarpamp, Thanks for the perspective. I'm not a Tor expert yet. I have been way off on the sidelines until recently, not taking close, consistent interest until this year. I haven't read most of the research that's been done, and I may not recall all that I have read! You may be right in everything you say, but you technically omit the category "nonpublished services used NOT only largely by their creators but perhaps by groups that are not so public." The wikis and indexes both on onion and the open web contain only a very small number of services in comparison to the sample this study collected primarily in only a two hour period (if I recall correctly). The server configuration issues I'm sure are well known to experts (in this case the primary issue highlighted was shared or public-internet SSL certificates; extremely easy to take advantage of and be quite certain of the results immediately), but I don't know if statistics on them over Tor were available, especially for a broad range of hidden services, not just well-known ones. Even when the services are set up for an individual's own use, the issue may be relevant. And having multiple studies that shine a light on real data on these things not only may clarify issues better, but since past studies presumably were performed in different ways, also act as a reminders of ongoing issues (and need for education). Also if the past data is comparable, it gives a progress report. As Tor gets better at anonymizing connections, gathering statistics like this will become more difficult, so anything we can learn now may help guide future decisions. > >> The prior points are of social and historic value. ** I'm off to UN Int'l Day of Charity panel webstream in a few mins, 1500-1800 EDT, 2100-0000 CEST, etc. :) http://webtv.un.org (stream) http://www.un.org/en/events/charityday/events.shtml (panelists/info) ** Cheers, Asa -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
