• @[email protected]B
        link
        fedilink
        38
        edit-2
        10 months ago

        Nope, that’s literally what onion routing is about in case you aren’t being facetious. It’s in the whitepaper and in the code. It’s also in the Snowden leaks.

        Edit: Lemmy doesn’t allow direct image posting anymore?

        1

        1

        Of course that was a long time ago, and hidden services may be much more easily compromised now. And they’ll always have their precious 0days. Don’t traffick kids, terrorism, or ounces of pure fentanyl and tor will work just fine for you.

        • @[email protected]
          link
          fedilink
          1710 months ago

          and hidden services may be much more easily compromised now

          In the end it’s still just a site on a server, if it’s poorly configured or not secured well it’s as vulnerable as any other on the clear net. Once they’re able to work out where it is it becomes a honey pot shortly afterward.

          • @[email protected]B
            link
            fedilink
            910 months ago

            Yes, but with the amount of darknet markets and CSAM hidden services that have been taken down within a relatively short span of time compared to the last decade of tor’s more widespread history, it seems they may have a new vulnerability (or perhaps just a new covert post-snowden-acceptance surveillance court ruling) that allows them to identify hidden services real IP addresses. It’s speculation, but they wouldn’t use it bluntly or everyone would know there was a vulnerability and thousands more eyes would be on the tor code (or awareness of nation-state level traffic omniscience in the case of something as simple as a timing attack). A CSAM hidden service has been run by the federal governments of a few countries, so there’s no question of ethics or law in that case.

            • @[email protected]
              link
              fedilink
              1110 months ago

              The “users” are probably the weak point. Badly configured setups leaking info, aggregation using that info to fingerprint a user, etc. When they have a user account with access they can use it to keep collecting data and digging. I imagine it’s a slow process. Nothing networked can be 100% secure though.