[email protected] writes: > How would it be possible for an adversary to learn that Person X > rented a Tor hidden server from a hosting company that provided > .onion domains and hosting (assuming that Person X paid for his/her > hosting with Bitcoins and did not do anything stupid to tie his or > her 'clear web' identity to his or her .onion identity)?
One avenue of attack would be the channel of communication that that person uses to administer the server. For example, they might use ssh over Tor to log in to administer it. A very powerful adversary, or an adversary who was already watching a particular user and a particular server or hosting facility, could try to associate these traffic flows. Another avenue would be trying to deanonymize the payments. Bitcoin has some risks for users' anonymity, including observing the IP address that relayed a transaction, and trying to trace the payment history of particular coins backwards to learn where they previously came from. There's been a fair amount of research interest in trying to find the physical server that corresponds to a particular hidden service. There are a lot of ideas for that; some of them involve generating distinctive traffic to the hidden service and seeing if similar traffic emerges somewhere on the Internet, or trying to attack or disrupt different physical-world hosting facilities to see which attacks cause disruption for the reachability of the hidden service. (The adversary can also operate Tor nodes and hope to be chosen as an entry node by the hidden service.) In the scenario you asked about, though, the adversary might possibly already know where the hidden service's server equipment is physically located and just be unsure where it was being administrated from. -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
