[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Cryptography] Are Tor hidden services really hidden?
- To: [email protected]
- Subject: [Cryptography] Are Tor hidden services really hidden?
- From: [email protected] (Griffin Boyce)
- Date: Fri, 07 Mar 2014 18:38:40 -0500
- In-reply-to: <[email protected]>
- References: <CAMm+LwhGPw7=1nyWr=7kGbTyvzcFE1k58JQr=bizLxcvahtyGQ@mail.gmail.com> <CAD2Ti29NUXo17n-bv8HM=vfY6dVW3KxkKFQZaX5LJ4aVXkpVFA@mail.gmail.com> <CAMm+Lwjfi=PD7MmP4Obw67q3S5YPX8KJiK7uXFoivGbqAHNLUQ@mail.gmail.com> <CA+cU71mfO3DGQdu2O-=JyiCBG9zMRXouh=fW_s8u9RVcRug8kg@mail.gmail.com> <CAMm+Lwijd7myBCEs2+1qOJnB2wQR-z3wfu5Db6Du+Zyq9NDZ7w@mail.gmail.com> <[email protected]> <CAD2Ti2-HW=FZsN3YT5q8_pjay_aVuGAKBvvyz3Xu8uKbqP30Dg@mail.gmail.com> <[email protected]>
John Young wrote:
> "Also keep in mind that there are no confirmed on the record cases to
> date of a Tor 'break/weakness' having been used to find a user. It
> appears to be only user error."
>
> One of the perdurable claims of comsec promoters is that comsec
> breaks and weaknesses inevitably turn out to be user errors. Exactly
> who the fictitious user is remains obscure but assuredly means
> somebody other than the comsec promoter user who inevitably
> offers a greatly improved product, trust them.
If your hidden service isn't a clusterfuck of unpatched Apache and
sketchy PHP scripts, then it's not likely to get taken down or located.
If you're a terrible webmaster, you're obviously running a huge risk
with running a website, even if it is a hidden service. Tor isn't
magic. It can't magically make a terrible website awesome. It just
adds additional security -- it can't be the *entire* security plan.
~Griffin