How strong is the anonymity of a hidden service compared to an average Tor client? How much easier is it to learn the Hidden Service's IP address?

  • Another way of putting this: How hard would it be to de-anonymize a hidden service? By "de-anonymize" I mean revealing the IP address of whatever server the hidden service is hosted on. Of course, this wouldn't necessarily mean revealing the identity of the person who is running the server (or paying someone to run the server). And there are other complications: it could be running on a VPS, and so on.

    But I don't want to over-complicate this. The question is, how easily could an attacker find out the IP address of a hidden service compared to finding a Tor user's IP?

    I am assuming that this blog post is still accurate in describing some of the current problems with hidden services that need to be addressed.

    An adversary knowing about a hidden service can make the hidden service talk by creating (lots of) connections to it.

  • Alaf's answer is a good start. Describing all known attacks on Tor and how they apply to hidden services is a broad task and not really suited for a little text box here. :)

    But I'll give you an example. If I run a middle relay (neither a Guard nor an Exit), then I can visit your hidden service over and over and eventually you will use my relay in one of the circuits you make to answer my requests. That won't tell me where you are, because there's still another relay in the way. And that's exactly what guards are for: https://www.torproject.org/docs/faq#EntryGuards

    This attack is described in more detail in http://freehaven.net/anonbib/#hs-attack06

    This attack works better on hidden services than on normal Tor users, because I can control the rate at which the hidden service makes new circuits (whereas for normal Tor users I typically have to wait until they choose to make another circuit).

    Then the question is: how do I use knowledge of your guard relays to deanonymize you? One answer is to break into the guard and/or watch its network. Maybe some large adversaries would find that a reasonable attack.

    Another answer is to run a few guards, and wait and be patient. Eventually (meaning months) the hidden service will rotate its guard nodes, and it might pick my guards. Then I can do the attack again and win. Some further reading:

    https://blog.torproject.org/blog/research-problem-better-guard-rotation-parameters

    http://freehaven.net/anonbib/#wpes12-cogs

    http://freehaven.net/anonbib/#ccs2013-usersrouted

    Now, this isn't a complete set of possible attacks. Maybe an adversary who finds breaking 1024-bit crypto easy would find it more fun to just break all the layers of crypto (assuming the hidden service hasn't upgraded to Tor 0.2.4.x yet).
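The guard-rotation argument in the answer above (run a few guards, wait for the hidden service to rotate onto them) comes down to arithmetic over the adversary's share of guard bandwidth, the number of guards a client keeps, and how often they are rotated. The following is an added example, not code from the answer or from Tor itself; it uses a small constructed relay list with made-up bandwidth weights and a hypothetical set of adversary-run guards, and compares a closed-form estimate against a bandwidth-weighted Monte Carlo simulation for several rotation policies, including the "fewer guards, longer lifetime" direction the linked guard-rotation post argues for.

```python
import math
import random

# Constructed example consensus: relay name -> guard bandwidth weight.
# These numbers are invented for illustration, not real Tor data.
RELAYS = {
    "guard-A": 900, "guard-B": 700, "guard-C": 500, "guard-D": 400,
    "guard-E": 300, "guard-F": 200, "guard-G": 100,
    "adv-1": 50, "adv-2": 30, "adv-3": 20,   # hypothetical adversary guards: 100 of 3200 units
}
ADVERSARY = {"adv-1", "adv-2", "adv-3"}


def adversary_fraction(relays, adversary):
    """Adversary's share of total guard bandwidth (the 'f' in the closed form)."""
    total = sum(relays.values())
    return sum(bw for name, bw in relays.items() if name in adversary) / total


def p_adversary_guard(f, num_guards, lifetime_months, horizon_months):
    """Closed-form estimate: treat every guard slot at every rotation as an
    independent bandwidth-weighted draw; the adversary wins if any draw hits."""
    rotations = math.ceil(horizon_months / lifetime_months)
    draws = num_guards * rotations
    return 1.0 - (1.0 - f) ** draws


def pick_guards(relays, num_guards, rng):
    """Bandwidth-weighted selection without replacement (a guard set never
    contains the same relay twice)."""
    pool = dict(relays)
    chosen = []
    for _ in range(num_guards):
        names = list(pool)
        weights = [pool[n] for n in names]
        picked = rng.choices(names, weights=weights, k=1)[0]
        chosen.append(picked)
        del pool[picked]
    return chosen


def simulate(relays, adversary, num_guards, lifetime_months, horizon_months,
             trials=4000, seed=1):
    """Monte Carlo: fraction of trials in which at least one rotation within the
    horizon selects an adversary-run guard."""
    rng = random.Random(seed)
    rotations = math.ceil(horizon_months / lifetime_months)
    hits = 0
    for _ in range(trials):
        for _ in range(rotations):
            if any(g in adversary for g in pick_guards(relays, num_guards, rng)):
                hits += 1
                break
    return hits / trials


def compare_policies(relays, adversary, horizon_months=12):
    """Closed-form exposure over the horizon for a few rotation policies."""
    f = adversary_fraction(relays, adversary)
    policies = {
        "3 guards, rotate monthly": (3, 1),
        "3 guards, rotate every 2 months": (3, 2),
        "1 guard, rotate every 9 months": (1, 9),
    }
    return {name: p_adversary_guard(f, guards, life, horizon_months)
            for name, (guards, life) in policies.items()}


if __name__ == "__main__":
    for name, p in compare_policies(RELAYS, ADVERSARY).items():
        print(f"{name:32s} closed form: {p:.3f}")
    print("1 guard / 9 months, simulated:", simulate(RELAYS, ADVERSARY, 1, 9, 12))
    print("3 guards / monthly, simulated:", simulate(RELAYS, ADVERSARY, 3, 1, 12))
```

With the constructed weights the adversary holds about 3% of guard bandwidth, yet over a year the monthly three-guard policy gives it roughly a two-in-three chance of landing in the guard set, while one guard kept for nine months keeps that under 10%. The simulation comes out slightly above the closed form for multi-guard sets because selection without replacement removes a large honest relay from the pool before the next draw, which raises the adversary's share of what remains; for a single guard the two agree.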

Licensed under CC-BY-SA with attribution
