Delivery-Date: Fri, 19 Feb 2016 02:50:28 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4BBDF1E0422;
	Fri, 19 Feb 2016 02:50:26 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id F3A1A396A9;
	Fri, 19 Feb 2016 07:50:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 14B573967D
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 07:50:19 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id xSa-JDhkoWn1 for <tor-talk@lists.torproject.org>;
 Fri, 19 Feb 2016 07:50:19 +0000 (UTC)
Received: from mail-pa0-x22b.google.com (mail-pa0-x22b.google.com
 [IPv6:2607:f8b0:400e:c03::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id D76423964D
 for <tor-talk@lists.torproject.org>; Fri, 19 Feb 2016 07:50:18 +0000 (UTC)
Received: by mail-pa0-x22b.google.com with SMTP id fy10so46092106pac.1
 for <tor-talk@lists.torproject.org>; Thu, 18 Feb 2016 23:50:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=subject:to:references:from:message-id:date:user-agent:mime-version
 :in-reply-to:content-type:content-transfer-encoding;
 bh=rbtu77L7YhRuAx9S0ppniyy2/5fi0vwU9/VHiINAXig=;
 b=tg8tN69lIlpgXMlzFAxi7vxZ7Th7toJNoNosQKq6CnCtotdgr0VpN0pLrEv/llEAu1
 VZ0kmcHbN999eqvcNVmcCxg2yWSRrsoDRHJx7j+k+FjEns1yPlXhryoW/hMqLDkVW2Ik
 mKBm/lyGsFyH4+YuC54+NlLMqxO9SUuyUtp2eTNb+7N+IFZ1HQbSrUettwrd1kVkHDAP
 4JvcjmuUzemwZr4nysohIKYgGvEcKJMa/D+gUTizhuqHNlOcQn25g1EcGhEDhZzAfmLW
 Eisdoli3ca+rRUWkRhfaNj7/V+3iL8xEBT9RmO8NNKsa3jT5ai6wnhEfi6XwirqhvurD
 AKww==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:subject:to:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-type
 :content-transfer-encoding;
 bh=rbtu77L7YhRuAx9S0ppniyy2/5fi0vwU9/VHiINAXig=;
 b=ASUe+03VVLC1hG4bv1BIPaQ+XtAoLQFpxYZ5+2n0QTB/ZE2jm3i/JcM7k+aDuDi8VF
 YrYVO6+HDbDKVO8ltMv0OkRqKUz8FRJncYtiqUsPMb2LG8mQVGmFp9vQtcKSBqM865rt
 f7QN+zLthQ1dLpaR27vTiesiBwZqSGdG6bxM4AOyGVkCoy+TFHFbs5L3KYtuDtug3khR
 pesoCuVlnB1GjjDqisxpWp2tKctsoJoQD4zYY9MVn/hXZdxglBYEVS73Jwy1lJRWpTgE
 IL7cOjNE+nKG3FjjmOANoY12htYx7JfP1XKmC0ZTMEkmUtir5gL1PxOwi3EF4jY8UFcS
 lXfQ==
X-Gm-Message-State: AG10YOQeaLqY2m/0OkfoSwo3gRJfV5ovL8Brgxu/xFPo9B72T2N5fKSE0p5mNabZRa53IA==
X-Received: by 10.66.159.136 with SMTP id xc8mr16255602pab.71.1455868216463;
 Thu, 18 Feb 2016 23:50:16 -0800 (PST)
Received: from [10.137.2.55] (ip68-97-35-223.ok.ok.cox.net. [68.97.35.223])
 by smtp.googlemail.com with ESMTPSA id v7sm15378700pfi.56.2016.02.18.23.50.13
 for <tor-talk@lists.torproject.org>
 (version=TLSv1/SSLv3 cipher=OTHER);
 Thu, 18 Feb 2016 23:50:14 -0800 (PST)
To: tor-talk@lists.torproject.org
References: <A154C659-98B9-4B5A-AE8B-89A67EA8BF78@riseup.net>
 <20160218102232.GF522@riseup.net>
 <1455791363286-17a6f558-170f335c-e09f3707@cryptolab.net>
 <B1DF85FA-1505-4531-AE74-9F573E654CBA@riseup.net>
 <20160218155107.GA10235@moria.seul.org>
 <CAL3oi7bZxA1T0Kyqgg3eJ_RjxgLt9dV8Ciu90OXMXKX3L=cfLA@mail.gmail.com>
 <CAD--ZDWjv73D9WDPXizYeb6G5wgaVhoU3_oLtF5+LpW_rsLjnQ@mail.gmail.com>
 <CAC+VsLt_jL3eZ+DqU4r7X2R7UiSTcHC7xFKvWfZUY5RWwEbspA@mail.gmail.com>
 <1455821568637-16a57a55-60666851-0834de3b@cryptolab.net>
 <229f25b3dc53e572e3e7e75926a855e8@cannon-ciota.info>
 <56C6C6EA.7060203@gmail.com>
 <96390cbd31f12c0488be5ee3f6914d76@cannon-ciota.info>
From: Jeremy Rand <biolizard89@gmail.com>
Message-ID: <56C6C933.5050309@gmail.com>
Date: Fri, 19 Feb 2016 01:50:11 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.5.0
MIME-Version: 1.0
In-Reply-To: <96390cbd31f12c0488be5ee3f6914d76@cannon-ciota.info>
Subject: Re: [tor-talk] large increase in .onion domains
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/19/2016 01:44 AM, CANNON NATHANIEL CIOTA wrote:
> On 2016-02-19 01:40, Jeremy Rand wrote: On 02/19/2016 01:37 AM,
> CANNON NATHANIEL CIOTA wrote:
>>>> 
>>>> That chat program you are referring to would be ricochet IM
>>>> 
> 
> Well, there was something called TorChat which fits that
> description, but TorChat hasn't gotten any security updates or
> maintenance in years, so Ricochet is pretty clearly preferable.
> 
> Cheers, -Jeremy Rand
> 
> I also know latest version of Bitcoin Core has capability of 
> automatically creating .onion host, maybe the testing of that could
> have been result in spike as well? Though I am leaning more towards
> botnet or malware being the likely reason behind jump in hidden
> services.
> 

It's been a while since I looked at that Bitcoin Core feature, but I'm
pretty sure it only creates a .onion when it detects that Tor is
already running when Bitcoin Core boots.  So I think it's unlikely to
generate even close to as many new .onion hosts as we're seeing now.
A botnet seems more likely to me.  Of course, I have no actual data to
back up my guess.

Cheers,
- -Jeremy Rand
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWxskYAAoJEAHN/EbZ1y06p/4P/jym7y0/h45JYqV4Q6/P0M3Q
KbfSBp6dt329iZBFtxrYb+31mKljZF2yoLzg3+TZXl74Hyejfpp0Cdd8kH2M+iLI
+YY7BeLJoIH8tWtZf+rQhmjugBIx/kqfW0OtM11x834UaRZPWdiWfDqjn6FaP6nM
PmTJVpfFKekjNxS4OdNGKPz3o1gufZ9az8UEqXc3VQYekiIDLG4+M5CFaxllMUyR
3sSKBs3qW7pHnuqXwHeFJ+LkpAF+14r7ZruV6obFBW8Ylaa7blIehAotrCPCz/it
DoiUpM0ShhGXoC2f29M4nDytc2ojC57K8/sTkVuoT59gE6TCK1v90TBn70iU9HFI
cPXshkRkI/hv7OmpfHiWdBwwZLYjrnKNUa2JL46CKqzsGq0SGmMaL4iAyyFxU3yC
2tYeR8LODjadcOqhB/2td8pAQyx8XQb8mPjI4LT7xKpXufyQ9lp5L6h6Nj/n/GaT
KByg7A0dvetKk8+x0uDtbp63DIiQznIZGmIdqwdIFKzHC2Fi0RmiwFKc2M/onme0
y/Vzu+n34yctsIm0YwZ5aiYw52/9l6ZGSGQnMOz2wiP8iSVXTGSlp8Kq7yfxH6Cu
6kk2swROUj326cjie6aNGqsuW118P/CLltbg97FfKgohYg1mreOkjJLdm+nLT8Ny
0UmDHz6X92PAdP/ImFn3
=Mk3j
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

