On Thu, 26 Jun 2014 00:50:29 +0000, Tor Talker wrote: ... > > enough to do it securely enough. Also, hidden services are far more > > vulnerable than Tor users, simply because they serve stuff. ... > What sort of vulnerabilities would you expect to see?
Problem: Your hidden server can be made to talk by accessing it (which is not the case for tor clients). Thus correlation attacks are possible if you have access to the bandwith data of a server you suspect to be a hidden service. Also the downtime of a hidden service could be correlated with obtained downtimes of IP addresses of machines at usual hosting providers (or elsewhere; apparently pinging the entire v4 internet is quite feasible nowadays). Which means it might be advisable to run the hidden service in multiple instances (no load balancing thereby, though), and use a rock-solid server and connection. Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800 -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
