On Wed, Aug 13, 2014 at 10:06:00AM +0000, blo...@openmailbox.org wrote:
> If it's possible for the owner of a hidden service (whether the FBI
> or a regular person) to install malware which grabs visitors' IPs,
> then what is stopping any hidden service owner from doing this?

See
https://lists.torproject.org/pipermail/tor-announce/2013-August/000089.html
and
https://blog.torproject.org/blog/tor-security-advisory-old-tor-browser-bundles-vulnerable
plus all the discussion under it.

Browser security is a big issue because there's so much surface area to
secure. The defense is to stay up to date on your browser. It's not
perfect but it sure does help (and it was sufficient in this case).

> How, in this case, was it possible for the FBI to learn the IP
> addresses of visitors to this hidden service? The Tor hidden server
> page states that "In general, the complete connection between client
> and hidden service consists of 6 relays: 3 of them were picked by
> the client with the third being the rendezvous point and the other 3
> were picked by the hidden service."
>
> Can someone knowledgeable please explain how visitors to a Tor
> hidden service can have their real IPs detected?

In addition to the above links, you might also like
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-7th-2013
https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-14th-2013
https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting

--Roger