Delivery-Date: Wed, 13 Aug 2014 17:01:45 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id B0BAE1E0E01;
	Wed, 13 Aug 2014 17:01:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E3D0330905;
	Wed, 13 Aug 2014 21:01:39 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 39BA930932
 for <tor-talk@lists.torproject.org>; Wed, 13 Aug 2014 21:01:36 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id HNV8mpt94STs for <tor-talk@lists.torproject.org>;
 Wed, 13 Aug 2014 21:01:36 +0000 (UTC)
Received: from mail-wg0-x22b.google.com (mail-wg0-x22b.google.com
 [IPv6:2a00:1450:400c:c00::22b])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id E538A30905
 for <tor-talk@lists.torproject.org>; Wed, 13 Aug 2014 21:01:35 +0000 (UTC)
Received: by mail-wg0-f43.google.com with SMTP id l18so272372wgh.2
 for <tor-talk@lists.torproject.org>; Wed, 13 Aug 2014 14:01:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=UNqu9eCLK+/UZkdoLb7/YR+eLhQysn7ydPJ9e7rNrYw=;
 b=bQ2IMySXEXjhTHx3BvmLW+LG5Doz3x347YrA+0PFlYPgMYWlu1lRSKAFKW/h7dYdWT
 2kg5sZ98nTmy+KDaZr0MW4tqZvwzdAdVueNPFyyZz7+/UZywt5NqkJ2zWE4uvs660uXO
 FRmNEw0Vua7fjSPt++90pDpcBxcI1wBmMwjQhKm0OQTYyYl/zQ0UaBX5vM0A+3FCV9RF
 q3Y48aLl7a26KzTo+mJKYHkiyn5mWvS0KS3kqZOfAtIDWOyCVLUUW32zoj8N9SbWnBrN
 9Idf+PDbHKzQk3uglXLzigYIktPZJHiVa+Yp2LVg/CFEgFJzJrxokN1YX4njXZdqdZCP
 IQug==
MIME-Version: 1.0
X-Received: by 10.180.95.66 with SMTP id di2mr7171138wib.60.1407963692938;
 Wed, 13 Aug 2014 14:01:32 -0700 (PDT)
Received: by 10.180.187.16 with HTTP; Wed, 13 Aug 2014 14:01:32 -0700 (PDT)
In-Reply-To: <4dbf80e1a3ae8b182a15ea2af6fa10dc@openmailbox.org>
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@openmailbox.org>
Date: Wed, 13 Aug 2014 23:01:32 +0200
Message-ID: <CAKkunMats8JoVc8wqYrMtWE4f0gTA7RVVWirhuJz6t9sA5dDQQ@mail.gmail.com>
From: Anders Andersson <pipatron@gmail.com>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, Aug 13, 2014 at 12:06 PM,  <blobby@openmailbox.org> wrote:

> If it's possible for the owner of a hidden service (whether the FBI or a
> regular person) to install malware which grabs visitors' IPs, then what is
> stopping any hidden service owner from doing this?

Nothing is stopping a hidden service owner from doing anything that an
operator on the open net can do.


> Considering the number of individuals that must have visited the hidden
> service, this doesn't seem to be very many people. Why were so few
> identified? Were the 25 using outdated browsers (TBB)?
>
> How, in this case, was it possible for the FBI to learn the IP addresses of
> visitors to this hidden service? The Tor hidden server page states that "In
> general, the complete connection between client and hidden service consists
> of 6 relays: 3 of them were picked by the client with the third being the
> rendezvous point and the other 3 were picked by the hidden service."
>
> Can someone knowledgeable please explain how visitors to a Tor hidden
> service can have their real IPs detected?

AFAIK the malware used javascript to break the users' browsers. As
someone who argues against using javascript in any context, I can only
say "told you so", but that doesn't really help anyone. :)

Because they managed to get in to the client browser, they could learn
the real IP address and MAC address, they didn't learn this through
Tor.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

