This is not a "0day".
>As it turns out, this is an open secret among the internet service community: You are not anonymous on Tor.
Careful there with the big assertions.
>The last hop is the exit node. It can see all of your decrypted network traffic.
I thought we were talking about onion services here, why the subtle context switch? Does the author even know that onion services don't use exit nodes at all?
>(Don't assume that HTTPS is keeping you safe.)
>One claimed to see over 70% of all internet traffic worldwide. Another claimed over 50%
The key word here is "claimed".
>If you're a low volume hidden service, like a test box only used by yourself, then you're safe enough. But if you're a big drug market, counterfeiter, child porn operator, or involved in any other kind of potentially illegal distribution, then you may end up having a bad day.
I like how the author assumes that these are the only two uses of Tor.
>you simply need a list of known onion services
Good luck getting that with v3 addresses (unless the author of the service has poor OPSEC).
Not to mention that Tor has provided many fixes for the DDoS issues, but the author obviously didn't mention them.
because https depends on certificate authorities and CAs depend on coercible companies which depend on governments from not molesting them.
The existence of QUANTUM INSERT and FOXACID attacks show CA-based authentication is weak (either due to their keys being compromised or coerced). DigitNotar also got pwned.
Strong authentication is one of the unrivaled advantages to onion addresses in tor.
The CIA also advocates to not solely rely on TLS for transport encryption: https://news.ycombinator.com/item?id=24426818
Does this mean that traffic correlation and confirmation attacks cannot be performed on users of hidden services?