Saturday, May 31, 2008, 9:32am
The location hidden services have addresses that look very much like normal domains, except that they are random text strings (actually a hash of the service's private key) that end with the special Tor domain .onion. You must connect using a Tor client to be able to access these sites. So what kind of .onion sites are there, as of today? What kind of sites do those who want to hide who runs the sites and where in the world they are make available?
As someone who doesn't really use Tor a whole bunch, but just runs a relay, this was really interesting.
Sunday, May 25, 2008, 5:48pm
The Security and Privacy Day is a biannual workshop sponsored by the greater New York City area computer security research community for bringing area researchers together, fostering multi-institutional collaborations, and discussing and exchanging our ideas and experiences with security and privacy research. We invite you to attend and encourage you to submit a proposal for a poster or demonstration. Registration is required, if you plan to attend.
The 2008 S&P Day is hosted by Stony Brook University on Friday, May 30, 2008. While registration is free, please register here by May 25.
Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems
We present a novel, practical, and effective mechanism for identifying the IP address of Tor clients. We approximate an almost-global passive adversary (GPA) capable of eavesdropping anywhere in the network by using LinkWidth, a novel bandwidth-estimation technique. LinkWidth allows network edge-attached entities to estimate the available bandwidth in an arbitrary Internet link without a cooperating peer host, router, or ISP. By modulating the bandwidth of an anonymous connection (e.g., when the destination server or its router is under our control), we can observe these fluctuations as they propagate through the Tor network and the Internet to the end-user's IP address. Our technique exploits one of the design criteria for Tor (trading off GPA-resistance for improved latency/bandwidth over MIXes) by allowing well-provisioned (in terms of bandwidth) adversaries to effectively become GPAs. Although timing-based attacks have been demonstrated against non-timing-preserving anonymity networks, they have depended either on a global passive adversary or on the compromise of a substantial number of Tor nodes. Our technique does not require compromise of any Tor nodes or collaboration of the end-server (for some scenarios). We demonstrate the effectiveness of our approach in tracking the IP address of Tor users in a series of experiments. Even for an under-provisioned adversary with only two network vantage points, we can accurately identify the end user (IP address) in many cases. Furthermore, we show that a well-provisioned adversary, using a topological map of the network, can trace-back the path of an anonymous user in under 20 minutes. Finally, we can trace an anonymous Location Hidden Service in approximately 120 minutes.
If only it wasn't the same time as World Science Festival's talk on quantum physics.
Sunday, May 25, 2008, 5:28pm
There have been a lot of questions today about just what the recent Debian OpenSSL flaw means for Tor clients. Here's an attempt to explain it in a bit more detail.
Wednesday, December 5, 2007, 11:59am
No TOR destinations are hidden from Bruce Schneier.
Monday, October 8, 2007, 1:15pm
In a recent blog posting, a German operator of a Tor anonymous proxy server revealed that he was arrested by German police officers at the end of July. Showing up at his house at midnight on a Sunday night, police cuffed and arrested him in front of his wife and seized his equipment. In a display of both bitter irony and incompetence, the police did not take or shut down the Tor server responsible for the traffic they were interested in, which was located in a data center over 500km away. In the last year, Germany has passed a draconian new anti-security research law and raided seven different data centers to seize Tor servers. Back in 2003, a German court ordered the developers of a different anonymity network to build a back-door into their system.
Sunday, January 29, 2006, 1:17pm
I've started to run a Tor server thanks to the Tor on Debian page, which includes Ubuntu. Tor is an implementation of second-generation onion routing - an anonymity system enabling its users to communicate anonymously on the Internet. I've been watching the server stats like a hawk to see if there were any adverse effects. I've already defined the exit policy to not be an exit node because keeping my IPs from being blacklisted is important to the continued operation of this server. I've also set the bandwidth limit so as to avoid an ugly bill at the end of the month. However, I do believe what's holding things back is the number of file descriptors. I'll look into changing that as soon as possible. Right now the default is 1024; however, it seems that 8192 is the amount they would like, so I will be changing that this afternoon.
Looking at these stats, keep in mind the server was started around 19:00:
Fuck Big Brother.
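An added example, not part of the original post: a shell check for the three relay settings described in the January 2006 entry (a non-exit policy, a bandwidth cap, and the 8192 file-descriptor limit). The function names and the sample torrc with its values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a relay's torrc for the settings the post describes.

# First ExitPolicy rule in the file; Tor applies the first rule that matches.
first_exit_rule() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "exitpolicy" {
             $1 = ""; split($0, r, ",")
             gsub(/^[ \t]+|[ \t]+$/, "", r[1]); print r[1]; exit
         }' "$1"
}

# Succeeds if option $2 appears (uncommented) in torrc $1.
has_option() {
    awk -v k="$2" '{ sub(/#.*/, "") } tolower($1) == tolower(k) { f = 1 }
                   END { exit !f }' "$1"
}

# $1 = torrc path, $2 = descriptor limit (default: this shell's `ulimit -n`).
# Prints one line per finding; exit status is the number of findings.
audit_relay() {
    problems=0
    rule=$(first_exit_rule "$1")
    fds=${2:-$(ulimit -n)}
    if [ "$rule" != "reject *:*" ]; then
        echo "exit policy: first rule is '${rule:-unset}', relay may serve exit traffic"
        problems=$((problems + 1))
    fi
    if ! has_option "$1" BandwidthRate; then
        echo "bandwidth: no BandwidthRate line, Tor's default rate applies"
        problems=$((problems + 1))
    fi
    if [ "$fds" != unlimited ] && [ "$fds" -lt 8192 ]; then
        echo "descriptors: limit is $fds, below the 8192 mentioned in the post"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample torrc (values are illustrative assumptions).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ORPort 9001
#ExitPolicy accept *:80
ExitPolicy reject *:*   # non-exit relay
BandwidthRate 100 KB
BandwidthBurst 200 KB
EOF
audit_relay "$sample" 1024 || true   # reports only the descriptor limit
```

Run it as the user that starts Tor and omit the second argument so the check uses that account's actual `ulimit -n`.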