Message-ID: <53B3A990.7020402@riseup.net>
Date: Wed, 02 Jul 2014 00:41:20 -0600
From: Mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] How to identify owners of .onion services?

On 07/01/2014 11:10 PM, williamwinkle@openmailbox.org wrote:
> With all the talk about the N_S_A targeting traffic between exit nodes
> and destination websites, I am wondering how this may work for hidden
> services (.onion domains). There are no exit nodes as everything occurs
> within the hidden services network.

See posts in the Tor Project blog with the "hidden-services" tag[1].
Also see Øverlier and Syverson (2006) Valet Services: Improving Hidden
Servers with a Personal Touch[2], Biryukov et al. (2013) Trawling for
Tor Hidden Services: Detection, Measurement, Deanonymization[3], and
Jansen et al. (2014) The Sniper Attack: Anonymously Deanonymizing and
Disabling the Tor Network[4], which are cited and discussed therein.

Then see Tor ticket 8106[5] for discussion and progress re Robert
Ransom's proposal for making .onion addresses harder to harvest by
directory servers. Proposal 224 (initially XXX) on this issue is
discussed in tor-dev, starting in October 2013[6,7]. Also see Hopper
(2014) Proving Security of Tor's Hidden Service Identity Blinding
Protocol Tor Project, Tech Report 2013-12-001[8]. As of 2014-03-14, the
milestone is "Tor: 0.2.6.x-final".

I haven't yet tracked the other key issues.

> How would it be possible for an adversary to learn that Person X rented
> a Tor hidden server from a hosting company that provided .onion domains
> and hosting (assuming that Person X paid for his/her hosting with
> Bitcoins and did not do anything stupid to tie his or her 'clear web'
> identity to his or her .onion identity)?

That depends on how thoroughly Person X had avoided association with the
server. They would have used Tor for all contacts and server
administration, of course. And they would have paid anonymously. Cash in
the mail is one option, given adequate protocol. Bitcoins are another,
but only after thorough anonymization via Tor.

Person X would have anonymized the Bitcoins through a chain of anonymous
wallets (e.g., Multibit clients in Whonix instances) using multiple
anonymous mixing services. And they would have carefully checked for
residual association using the "Taint Analysis" tool at
https://blockchain.info/. But even then, there may be traces.

[1] https://blog.torproject.org/category/tags/hidden-services
[2] http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
[3] http://freehaven.net/anonbib/cache/valet:pet2006.pdf
[4] http://www.robgjansen.com/publications/sniper-ndss2014.pdf
[5] https://trac.torproject.org/projects/tor/ticket/8106
[6] https://lists.torproject.org/pipermail/tor-dev/2013-October/005534.html
[7] https://lists.torproject.org/pipermail/tor-dev/2013-November/005877.html
[8] https://www-users.cs.umn.edu/~hopper/basic-proof.pdf