Today’s post covers Tor hidden services and their anonymity.  In the first few paragraphs I will provide some basic, high level information on the Tor network and then talk about a way to uncover the real location of some anonymous hidden services.

For those not familiar with it: Tor allows anyone to proxy their network traffic* through the Tor peer to peer network, transiting several peers before reaching its destination.  The destination can be either a service on the open Internet or a “hidden service” only available via the Tor network. (*only TCP and DNS traffic is allowed through Tor)

Routers:

Traffic transiting the Tor network is encrypted and routed through several peers in a way that no single peer ever knows both the source and the destination of the traffic, thus providing a level of anonymity to the originator.  The peers which pass on traffic are called routers, and can be run by anyone who would like to contribute to the capacity of the Tor network.  The Tor client run by the person wanting to proxy traffic through the Tor network chooses the routers to use for each connection.

Hidden services:

Tor allows people to run services, such as HTTP, HTTPS, SMTP, SSH, etc. that are available exclusively via the Tor network.  These are called “hidden services” or “onion services” due to the .onion pseudo TLD used to identify them.  These hidden services provide anonymity not only for the user of the service, but also for the publisher who runs the service.

What not to do:

Don’t run a router and a hidden service from the same connection if you want to remain anonymous.  While I hate to tell people not to contribute, if you’re running a hidden service it is a bad idea to run a router from the same connection.  The reason for this is that routers are public by design.  Everybody needs to know what routers exist so that they can decide which ones to use for their connections.

In all my reading of the documentation and about the Tor network, I never ran across the advice not to run both a router and a hidden service.  I have seen it mentioned since I started working on this project and began looking for it specifically.  But, this is something that I think should be in big bold letters warning people of the risks, not tucked away in a small corner of a website somewhere.

Why shouldn’t I do that?

As I said in the previous section, “what not to do”, routers are public.  When you run a router you publish a “descriptor” that tells other people how to talk to your router.  This means you tell them what your real IP address is along with some other information.  If you run a router and a hidden service from the same connection, when you have a service interruption both the router and hidden service will experience it at the same time.  If someone were monitoring the uptime of both, they could correlate the simultaneous service outages and get a pretty good idea that the particular hidden service is at the same location as the router.  The longer they watch, the surer they can be.

This makes sense and yet I can see how it would be easy to screw up.