On 8/22/16, Nurmi, Juha <[email protected]> wrote: > - Looking tor2web proxy stats > - Looking leaked DNS requests (soon impossible) > - DHT spying (this should NOT be done and it's technically impossible in > the future)
These are all basically spying, but they are useful and there are always those who research or publish them freely for others to use. Sure, legit researchers (by whatever standards) might heed discouragement, but it's important to remember that others have not since the day onions were first invented. That's why I always say users should use stealh or application level authentication until then and take precautions. Even after. How do you say leaking DNS is "soon [made] impossible" by anything tor does? ie: tor itself already never leaks what is sent to its socks5 port. Any such leaks come from user config and usage errors in their userland with their userland apps and packet filters. If you're talking TBB, that's something different. Other things like Whonix are not tor. > - Crawling onion sites > Anyway, you are not going to find every existing onion address. Custom spidering used to do a very good job here. Though growth broadened what could be effectively found and targeted that way, and targets are dropping out all the time as usual. So researcher and search portal discovery delay is now longer and the depth shallower. It's at the point you're better off buying a google search server and plugging it in. > How researches have been testing these addresses: > ... > Again, there are a lot of onions out there but nobody really knows what > services they are offering. So long as someone publishes their address, discovering service isn't hard. Yes there are clearly a lot of unpublished onions. My inbox always accepts lists people wish to publish to it. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
