[tor-talk] BlackHat2014: Deanonymize Tor for $3000
grarpamp
grarpamp at gmail.com
Fri Jul 4 20:05:29 UTC 2014
On Fri, Jul 4, 2014 at 8:15 AM, Nathan Andrew Fain <nathan at squimp.com> wrote:
> "Trawling for Tor Hidden Services: Detection, Measurement,
> Deanonymization"
> Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann
> http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf
>
> the two seem very similar. in the case of the paper linked amazon
> services were utilized. or perhaps someone can explain where the two
> research groups differ?
Yes, clearly an extension, optimization, or new work along the lines
of the above paper.
Perhaps more interesting is this dilemma...
> https://lists.torproject.org/pipermail/tor-talk/2014-July/033693.html
> "They wanted a NDA, so most Tor Project's core contributors don't know
> what's in the air."
So we have at least one core person who knows. Now assuming this
presentation [1] is in fact 'Really Bad News' for, at minimum,
Hidden Services... will the details of it be leaked in order to
'save' HS operators/users before CERTs/GOVs/LEAs/Vigilantes/Spies
and the thought police have time to get at them (or what unexposed
elements still remain of them)?
This is premised upon CERT's typical cozy relationships with LEA's,
naturally leading to sharing with them what are potentially ...
'tested ... in the wild ... dozens of successful real-world
de-anonymization case studies, ranging from attribution of'
... really diskliked things. Particularly cases of human harm
where it is only natural to seek intervention.
Then there are the cases worthy of every possible protection outlined
here...
https://www.torproject.org/about/torusers.html.en
Therein lies the dilemma. What do you do?
[Note that even if the above relationships, or desire to intervene,
do not exist... said spies and their actors are likely to monitor
the full research details, and know who in the public knows as well.
This could lead to shorter time constraints on all sides.]
[1] Which I forgot to link in the OP, thanks Matthew.
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
More information about the tor-talk
mailing list