Understand the implications of publishing multiple hidden services #52
Comments
I've started a thread about this on the tor-talk mailing list. I think it would be good to add your questions to it: https://lists.torproject.org/pipermail/tor-talk/2014-July/033819.html
Answering my own questions:
Not significantly. The same set of guards will be used. A client publishing two services will contact twice as many HSDir, and use twice as many introduction points. At worst, this makes it more likely that a malicious relay will be chosen in one of those positions, but these relays should have limited impact. It may be slightly easier for a guard to identify that it is being used for a hidden service, simply because there is more HS publication traffic to observe. It is probably not hard already.
No. Guards are unaffected, and the set of relays used for HSDir and intro rotates very frequently.
Easily enough that it shouldn't be depended on for the user's anonymity. HSDir timestamps, traffic/latency patterns, the guard set, and a variety of other factors can show a relationship between services.
I haven't been able to find any examples of hidden services causing unreasonable load on the network. More than two per user would be excessive, and stealth-authorized services don't scale at all.
I'm confident enough in those answers to close this, and I'm going to write out some more detailed ideas on hidden service use.
Are you talking about traffic correlation or confirmation? Tor doesn't protect against confirmation, be it for hidden services or regular client use.
"Traffic/latency patterns" is referring to confirmation attacks, yes. My overall point is that it's not too difficult to "prove" that two hidden services are published from the same source, so we should be careful designing features that would depend on that to be safe.
Ricochet currently only publishes one hidden service per client. There are a lot of things that could be improved if we could publish more of them simultaneously, or rotate them automatically.
Before that can happen, I need to understand the implications it might have for anonymity. In particular: