On Wed, 6 Mar 2013 04:53:05 -0500, Roger Dingledine wrote:

> Hidden services are definitely weaker than regular Tor circuits,
> a) because the adversary can induce them to speak, and b)
> because they stay at the same place over time. Mostly 'a'.

On Wed, 6 Mar 2013 17:13:23 -0500, Roger Dingledine added:

> But for a hidden service, they can cause you to initiate a
> connection just by visiting the hidden service. And they can
> do it as often as they want.

I agree with tor@x...x (on Wed, 06 Mar 2013 21:34:29 +0000) that separating hidden services from Tor clients on different machines (virtual or better, physical) prevents them from finding their IP addresses, even if they are compromised.

However, as Roger notes, hidden services typically do "stay in the same place". And adversaries can of course "induce them to speak", "as often as they want" (and in whatever patterns that they specify).

Even so, if there are multiple hidden service instances with the same credentials, clients will get whichever instance has announced most recently.

Also, given that hidden services and Tor clients are running on different machines, one hidden service machine could access multiple Tor client machines over back channels such as VPNs, Tor and/or I2P.

Alternatively, or in addition, multiple hidden service machines could rely on back-end data stored in globally distributed and redundant fashion (using Tahoe-LAFS, for example) and accessed over various back channels.

In that way, hidden services could move, either randomly or in response to suspected attacks. And the data that they serve would not originate in one particular place. Also, being stored in globally distributed and redundant fashion, the data would be very hard to identify and eliminate.

What have I missed?

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk