Delivery-Date: Sun, 07 Sep 2014 15:25:17 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.9 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id D1E521E0AE8;
	Sun,  7 Sep 2014 15:25:15 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 95FF8235B2;
	Sun,  7 Sep 2014 19:25:10 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id B9B7223578
 for <tor-talk@lists.torproject.org>; Sun,  7 Sep 2014 19:25:06 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vnpwTTzWwrOu for <tor-talk@lists.torproject.org>;
 Sun,  7 Sep 2014 19:25:06 +0000 (UTC)
Received: from mail2.openmailbox.org (mail2.openmailbox.org [212.129.8.132])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 846012351E
 for <tor-talk@lists.torproject.org>; Sun,  7 Sep 2014 19:25:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail2.openmailbox.org (Postfix) with ESMTP id 59805202187
 for <tor-talk@lists.torproject.org>; Sun,  7 Sep 2014 21:25:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=openmailbox.org;
 h=user-agent:message-id:references:in-reply-to:subject:subject
 :from:from:date:date:content-transfer-encoding:content-type
 :content-type:mime-version:received:received; s=openmailbox; t=
 1410117900; bh=x01+R6ewzDtRBGlZ613Di4tZJYPWeqWDb3EyLSjSkrM=; b=l
 DMGrTFmdcWSTHn/m2BzhzVm50ZW5rdW+34mIHNn4q/aRORMQOPqf0TaauOyCO3x5
 huheNInfx7CkPXOyyakrddl34JZ0j665wtNLTbtCUlgXltnsJVjjUkDqarGy3kDG
 lPfkxN8jwzEcd3cc3QqmEMdnwRkXcLUtEwFTZJw11g=
X-Virus-Scanned: at openmailbox.org
Received: from mail2.openmailbox.org ([212.129.8.132])
 by localhost (mail.openmailbox.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id oyosoEvnAvhJ for <tor-talk@lists.torproject.org>;
 Sun,  7 Sep 2014 21:25:00 +0200 (CEST)
Received: from www.openmailbox.org (localhost [127.0.0.1])
 by mail2.openmailbox.org (Postfix) with ESMTP id A6F3A20008B
 for <tor-talk@lists.torproject.org>; Sun,  7 Sep 2014 21:25:00 +0200 (CEST)
MIME-Version: 1.0
Date: Sun, 07 Sep 2014 19:25:00 +0000
From: blobby@openmailbox.org
To: tor-talk@lists.torproject.org
In-Reply-To: <20140814001854.GO8819@moria.seul.org>
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@openmailbox.org>
 <20140814001854.GO8819@moria.seul.org>
Message-ID: <cd0f0f8d006df59c665f6e8cba21e16f@openmailbox.org>
X-Sender: blobby@openmailbox.org
User-Agent: Roundcube Webmail/1.0.2
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 2014-08-14 00:18, Roger Dingledine wrote:
> On Wed, Aug 13, 2014 at 10:06:00AM +0000, blobby@openmailbox.org wrote:
>> If it's possible for the owner of a hidden service (whether the FBI
>> or a regular person) to install malware which grabs visitors' IPs,
>> then what is stopping any hidden service owner from doing this?
> 
> See
> https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
> and
> https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
> plus all the discussion under it.
> 
> Browser security is a big issue because there's so much surface area
> to secure.
> 
> The defense is to stay up to date on your browser. It's not perfect
> but it sure does help (and it was sufficient in this case).
> 
>> How, in this case, was it possible for the FBI to learn the IP
>> addresses of visitors to this hidden service? The Tor hidden server
>> page states that "In general, the complete connection between client
>> and hidden service consists of 6 relays: 3 of them were picked by
>> the client with the third being the rendezvous point and the other 3
>> were picked by the hidden service."
>> 
>> Can someone knowledgeable please explain how visitors to a Tor
>> hidden service can have their real IPs detected?
> 
> In addition to the above links, you might also like
> https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-7th-2013
> https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-14th-2013
> https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
> 
> --Roger

Thanks for these links. Illuminating reading.

However, the story I referred to has nothing to do with Freedom Hosting.

It refers to "Operation Torpedo" (get the joke: "tor" + "pedo").

Wired did a follow up to the original story on 26 August: 
http://www.wired.com/2014/08/federal-cybersecurity-director-guilty-child-porn-charges/

Original story (5 August): 
http://www.wired.com/2014/08/operation_torpedo/

As I mentioned, the original story has a link to the affidavit which 
contains information about the FBI malware.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

