
Malicious computers caught snooping on Tor-anonymized Dark Web sites - nols
http://arstechnica.com/security/2016/07/malicious-computers-caught-snooping-on-tor-anonymized-dark-web-sites/
======
kyboren
I host multiple onion services, mainly for email proxies and firewall
traversal, and this is exactly the reason I use stealth onion services.

With this setup, only those client machines onto which I pre-load a cookie can
decrypt a per-client encrypted copy of the "introduction point contact info"
part of the descriptor. Malicious HSDirs wouldn't even know where to introduce
themselves to my services, let alone the correct cookie for the INTRODUCE2
cells.

If you want to host an onion service, but don't want it publicly accessible,
use 'HiddenServiceAuthorizeClient'.

~~~
dmix
This built into the tor server software? It parses cookies?

This makes me want to learn how hidden services work. I'm curious how complex
the code is.

~~~
ryanlol
No, the cookie is set in the config file.

Search for HidServAuth and HiddenServiceAuthorizeClient at
[https://www.torproject.org/docs/tor-
manual.html.en](https://www.torproject.org/docs/tor-manual.html.en) for
further elaboration.

~~~
dmix
Yes clearly the client needs to store a cookie somewhere (config files, db,
browser) but the server needs to parse it in order to authenticate the user.

Thanks for the link.

------
pdimitar
Isn't it obvious by now that Tor is outdated and instead of trying to repair
it, something next-gen should be devised? IPFS looks like a good starting
point, and unlike Tor, it sounds like it has a real shot to evolve if enough
people stand behind it (since its various components aren't glued together and
allow for new protocol elements in the stack).

I am aware IPFS has limitations and that there are valid P2P attacks to which
it either couldn't resist well (reduced capacity) or it could straight out
give away its users IP addresses -- but hey, in my opinion Tor has been mostly
compromised by authorities around the world and is currently widely used to
persecute people -- some of which might simply be paranoid like myself and
dislike being tracked, _without doing anything illegal_.

Doesn't that mean that Tor has outlived its usefulness?

Must we be afraid or tracking and profiling everywhere we go on the net? Have
the bad guys already won?

~~~
deftnerd
Tor has suffered a lot of bad PR, FUD, and failures lately. I'm beginning to
lose faith in the network itself.

I attempted to ask some of the developers if there was, or any interest in, a
Javascript version of Tor. My thought was that Electron apps or clearnet
websites could use the javascript to load resources or data from onion
addresses.

The push back I got from the concept made me feel sad. Some of the responses I
got varied from "By only having one reference Tor, it keeps the whole network
safe" to "Mixing clearnet with Onion access will make people unsafe."

Tor is doing a good job with the mission purpose of providing one software
application that allows an individual to communicate with the world, even
inside of a nation that practices extreme censorship.

But for the purposes of preventing the US, the largest and most prevalent
state actor, from monitoring the entirety of the network? It seems to be
failing.

For the purpose of hiding the source of an onion website, the jury is still
out. It appears that the US government has enough of a view into the Tor
network that they're able to often deanonymize the hosting location of the
backend server.

They've been talking about refactoring the hidden service portion of the code
for a long time now but I'm worried that all of the hits the project has taken
lately will make that too little, too late.

~~~
mike_hearn
If you're thinking about desktop apps, then one way to do it is simply ship a
Java app that embeds WebKit (if you insist on using HTML even when a real
widget toolkit is available). There is a Java Tor client available that can be
embedded called Orchid, and then binding Orchid through to the Javascript
world is not very difficult. It'd be a weird way to do things though. May as
well just ship all needed data files and resources in the app itself.

On the wider issue, I don't know if Tor is really doing such a great job of
helping people in censoring states. Whenever I hear about Chinese people
crossing the firewall it's _always_ with VPNs and never Tor, which is
thoroughly blocked for a long time now. One of the theories of Tor was that if
there was lots of legitimate usage, it'd be harder to filter out Tor traffic
("anonymity loves company" they call it), but that goal was clearly better
achieved using VPNs which impose minimal performance costs and has left Tor
itself largely isolated.

This sort of attack on the Tor network by large groups of malicious nodes is
inevitable in a borderless community where there is no procedure for vetting
or ID verifying new node operators. Tor assumes ideological loyalty from its
node operators, that's a fundamental security assumption, but at the same
time, a part of the Tor ideology is that there's no vetting procedure for
nodes, nor are there any real rules for running them beyond a few trivial
ones, and anyway without the former there's no way to enforce the latter. Tor
is built on a giant contradiction, essentially.

Of course that's not a problem unique to Tor. All communities that make
majority trust assumptions without any way to control group membership have
that problem. Bitcoin has suffered from this too, as has the British Labour
party (which recently changed its rules to allow anyone to become a member by
paying just £3, a move which immediately led to Corbyn and may yet lead to
~all existing MPs being fired and replaced by hard-left zealots).

~~~
pdimitar
> This sort of attack on the Tor network by large groups of malicious nodes is
> inevitable in a borderless community where there is no procedure for vetting
> or ID verifying new node operators. Tor assumes ideological loyalty from its
> node operators, that's a fundamental security assumption, but at the same
> time, a part of the Tor ideology is that there's no vetting procedure for
> nodes, nor are there any real rules for running them beyond a few trivial
> ones, and anyway without the former there's no way to enforce the latter.
> Tor is built on a giant contradiction, essentially.

Yep, exactly. How exactly do you build a strong anonymizing service all the
while assuming benevolent nodes? Doesn't make any sense to me.

Too much naivete in the programming profession, I feel. It makes for pretty
hilarious fails periodically.

EDIT: For the downvoters: I apologize if the language is too blunt. But those
of us who aren't actively developing Tor have the benefit of being slightly
more objective towards it -- that's how I feel. I might be harsh by expressing
it, in which case I am sorry; I don't aim to be ungrateful, only skeptical of
its current technical design philosophy.

