[tor-dev] "Trawling for Tor Hidden Services: Detection, [...]"

Matthew Finkel matthew.finkel at gmail.com
Sat May 25 17:01:48 UTC 2013


On Fri, May 24, 2013 at 12:32:20AM -0400, Jon Smithe wrote:
> Hi,
> 
> > As for the deanonymization attack, I think it is pretty novel in that it
> > uses a custom traffic signature to make the attack from
> > http://freehaven.net/anonbib/cache/hs-attack06.pdf more reliable, but
> > otherwise that is why we introduced guard nodes.
> 
> The math behind this concept is not overly compelling or I'm just
> dumb, both are probable and neither are mutually exclusive, but if I
> were looking for a state-based backdoor, I'd imagine it to look a bit
> like this (which is not to imply that is the case here by any means).
> 
> Jon

Hi Jon!

You make some interesting and valid points, however this is the type of
statement that spreads fud and it doesn't help anyone.
Please see bug #8240 [0] which contains a detailed discussion of this
topic.

tl;dr This is being worked on, 0.2.4 addresses many of these problems
and 0.2.5 will continue to make improvments.

Whether or not you were implying this situation was a calculated
decision that resulted in a "state-based backdoor", it is the
insinuation of such a thing that can hurt Tor's reputation.

- Matt

[0] https://trac.torproject.org/projects/tor/ticket/8240


More information about the tor-dev mailing list