Date: Wed, 13 Aug 2014 20:18:54 -0400
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20140814001854.GO8819@moria.seul.org>
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.

On Wed, Aug 13, 2014 at 10:06:00AM +0000, blobby@openmailbox.org wrote:
> If it's possible for the owner of a hidden service (whether the FBI
> or a regular person) to install malware which grabs visitors' IPs,
> then what is stopping any hidden service owner from doing this?

See
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
and
https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
plus all the discussion under it.

Browser security is a big issue because there's so much surface area
to secure.

The defense is to stay up to date on your browser. It's not perfect
but it sure does help (and it was sufficient in this case).

> How, in this case, was it possible for the FBI to learn the IP
> addresses of visitors to this hidden service? The Tor hidden server
> page states that "In general, the complete connection between client
> and hidden service consists of 6 relays: 3 of them were picked by
> the client with the third being the rendezvous point and the other 3
> were picked by the hidden service."
> 
> Can someone knowledgeable please explain how visitors to a Tor
> hidden service can have their real IPs detected?

In addition to the above links, you might also like
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-7th-2013
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-14th-2013
https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting

--Roger
