Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization


posted on Aug, 12 2013 @ 01:09 PM
I wasn't quite sure where to put this but no one ever said this forum was strictly Question/Answer, as in having to wait for a question first, right?

Many folks have asked and wondered how TOR works on the technical and fundamental level. I've tended to describe it like "Hyperspace", where your ISP can see you enter the wall of encryption to the Onion world and, if leaving to surf the open net, someone on an exit node can see "someone" pop out... with no way to know where they came from or who the someone is.

This is a report I came across which goes into a great deal of detail on how the TOR network functions or, in some cases, definitely fails to function as advertised. TOR is a place where user discretion not only takes on whole new meaning, but requires a whole new level of personal responsibility and due diligence. This explains whys and hows for the more technically minded and curious, though.

Abstract—Tor is the most popular volunteer-based anonymity network consisting of over 3000 volunteer-operated relays. Apart from making connections to servers hard to trace to their origin it can also provide receiver privacy for Internet services through a feature called “hidden services”. In this paper we expose flaws both in the design and implementation of Tor’s hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services.

We give a practical evaluation of our techniques by studying: (1) a recent case of a botnet using Tor hidden services for command and control channels; (2) Silk Road, a hidden service used to sell drugs and other contraband; (3) the hidden service of the DuckDuckGo search engine.

Keywords-Tor; anonymity network; privacy; hidden services
Source (15 Page PDF)

I wouldn't call it light reading, but then many here appreciate technical over fluffy MSM information on things like this, so I figured it's a safe place to offer it up for all to benefit from.

edit on 12-8-2013 by Wrabbit2000 because: minor correction

posted on Aug, 12 2013 @ 01:40 PM
reply to post by Wrabbit2000

TOR has been compromised by the NSA or FBI, depending on who you ask. They exploited a bug in Firefox using JavaScript that basically tells all they need to know to find out who you are.

As usual they claim that it was for child porno, which could be one of the reasons, but I'm betting it was for a lot more than that also.
They probably didn't like the idea of the encrypted, anonymous TORmail.

The founder of Freedom Hosting has been arrested in Ireland and is awaiting extradition to USA. In a crackdown that FBI claims to be about hunting down pedophiles, half of the onion sites in the TOR network have been compromised, including the e-mail counterpart of TOR deep web, TORmail. This is undoubtedly a big blow to the TOR community, Crypto Anarchists, and more generally, to Internet anonymity. All of this happening during DEFCON. If you happen to use an account name and/or password combinations that you have reused in the TOR deep web, change them NOW.

posted on Aug, 12 2013 @ 01:50 PM
reply to post by Sharingan

Indeed. I've seen that story and it's one of multiple methods this report looks at for how TOR can and has been compromised. This just takes it beyond the media level of dumbing down the model for how TOR functions and gives a much more in-depth explanation. It's not anything near the level of a Network Engineer, of course. However, it's far enough above average so I figured it would help explain the function and scale of it all to those I know have been sincerely curious.

posted on Aug, 12 2013 @ 02:00 PM
I peeked behind the curtain once.

Nope, nope, nope.

Not interested. There's just way too much malicious stuff out there, and it is way too easy to stumble upon something illegal. This is true especially if you don't FULLY understand how TOR works.

What I don't get is why people have JavaScript turned on when using TOR in the first place? All the FAQs and tutorials I've read/seen tell people to turn JavaScript OFF, as it can be exploited.

posted on Aug, 15 2013 @ 08:52 PM
reply to post by MystikMushroom

Well, disabling JavaScript is going to break half the internet for you. TOR was probably using some old Java unless this was a new exploit found in their new Java 7 platform. In any case TOR should be using Java 7. This exploit has been fixed apparently in their new build which they probably did use the new Java. I noticed that the TOR browser has little settings for the user to change and JavaScript is turned on by default. You can however still change it by using the about:config to bypass it. Once in there just search java; the string is called javascript.enabled I think. You just right click and toggle it from true to false. Refresh the page and java should be turned off.
edit on 15-8-2013 by sean because: (no reason given)
