• Cinner@lemmy.worldB
    link
    fedilink
    arrow-up
    38
    arrow-down
    1
    ·
    edit-2
    8 months ago

    Nope, that’s literally what onion routing is about in case you aren’t being facetious. It’s in the whitepaper and in the code. It’s also in the Snowden leaks.

    Edit: Lemmy doesn’t allow direct image posting anymore?

    1

    1

    Of course that was a long time ago, and hidden services may be much more easily compromised now. And they’ll always have their precious 0days. Don’t traffick kids, terrorism, or ounces of pure fentanyl and tor will work just fine for you.

    • db2@lemmy.world
      link
      fedilink
      arrow-up
      17
      ·
      8 months ago

      and hidden services may be much more easily compromised now

      In the end it’s still just a site on a server, if it’s poorly configured or not secured well it’s as vulnerable as any other on the clear net. Once they’re able to work out where it is it becomes a honey pot shortly afterward.

      • Cinner@lemmy.worldB
        link
        fedilink
        arrow-up
        9
        ·
        8 months ago

        Yes, but with the amount of darknet markets and CSAM hidden services that have been taken down within a relatively short span of time compared to the last decade of tor’s more widespread history, it seems they may have a new vulnerability (or perhaps just a new covert post-snowden-acceptance surveillance court ruling) that allows them to identify hidden services real IP addresses. It’s speculation, but they wouldn’t use it bluntly or everyone would know there was a vulnerability and thousands more eyes would be on the tor code (or awareness of nation-state level traffic omniscience in the case of something as simple as a timing attack). A CSAM hidden service has been run by the federal governments of a few countries, so there’s no question of ethics or law in that case.

        • db2@lemmy.world
          link
          fedilink
          arrow-up
          11
          ·
          8 months ago

          The “users” are probably the weak point. Badly configured setups leaking info, aggregation using that info to fingerprint a user, etc. When they have a user account with access they can use it to keep collecting data and digging. I imagine it’s a slow process. Nothing networked can be 100% secure though.