Oskar Wendel writes:

> Does it apply also to traffic going from/to hidden services? How safe are
> users of hidden services when compared to users that browse clearnet with
> Tor?

The hidden service users can be identified as users of the individual services using the same sybil approach: if a user uses a particular guard node and the hidden service uses a guard node controlled (or observed) by the same entity, that entity can correlate the traffic between the two. I don't know how easy it is to infer right at that moment that the communication is between a user and a hidden service rather than between two users intermediated by something else.

However, the attacker can potentially realize that it's a guard node for some hidden service because a particular user connects to the guard node all the time, has a high traffic volume, and for some hidden services, uploads more than it downloads on average (which is the reverse of the usual pattern for a Tor Browser user). (That inference might be even easier if the hidden service's guard node just notices whether that user tends to upload a little data followed by downloading a lot of data, or download a little data followed by uploading a lot of data, since web browsers usually do the former and web servers usually do the latter.)

The guard node has a conceptually harder task in figuring out _which_ hidden service it's a guard node for. There has been a lot of research that touches on this issue and it's clearly not as easy for hidden services to conceal their identities from their guard nodes as it should be, especially if the guard nodes actively experiment on the hidden service.

One example that shows why this is a difficult problem is that if you control a guard node and you know about the existence of a particular hidden service, you can connect to the hidden service yourself and see if that results in any traffic coming out of your guard node. You can also deliberately shut down clearnet traffic to and from your guard node for a few seconds at a time at randomly-chosen moments and see if that results in outages of availability for the hidden services at the same moments.

I think some of these ideas are developed in published papers and I'm sorry for not thinking of which papers at the moment. You can see that this can make the situation of the hidden service somewhat precarious. See also

https://blog.torproject.org/blog/hidden-services-need-some-love

There might be some more hope in the future from high-latency services (based on examples like Pond), or, based on what some crypto folks have been telling me, from software obfuscation (!!).

-- 
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
