11. Why use HS
• Avoid retaliation for what you publish
• Securely host and serve content
• Stealth Hidden Service
Sunday, September 4, 2011
12. Tor2web
• Works for HTTP(s) HS
• Promote Tor HS
• HS can impact the whole web!
Sunday, September 4, 2011
13. Tor2web 1.0
• Started by Aaaron Swartz in 2008
• Now part of GlobaLeaks
Sunday, September 4, 2011
14. Tor2web 1.0 Issues
• Exposed to abuse complaints
• Misuse of HS to spread illegal material
• No disclaimer
• This leads to Server Takedown
Sunday, September 4, 2011
16. Solved problems
• Tell the audience no content is hosted on
the server
• Abuse and problem complaint form
• Dynamic URL rewriting
Sunday, September 4, 2011
17. Kharon
• Complementary to tor2web
• Firefox and Chrome plugin
• https://github.com/hellais/kharon
• rewrites hidden services to tor2web and
i2p
• Done by evilaliv3, hellais and vecna
Sunday, September 4, 2011
18. Unsolved problems
• Responsibility not distributed
• Links directly serve the content
• High risk of takedown
Sunday, September 4, 2011
19. Future tor2web 3.0
• Discussed with Paul Syverson
• Further reduce the risk of takedown
• Distribute responsibility across multiple
actors
Sunday, September 4, 2011
20. Scenarios
• Spammer links to *.tor2web.org site hosted
on HS
• Illegal content hosting
Sunday, September 4, 2011
21. Definitions
User
Node
B
Node
A
Hidden Service
Sunday, September 4, 2011
22. Node A
• Landing page
• Accept disclaimer
• Does not serve content
• Generates a unique, temporary access URL
for the User
Sunday, September 4, 2011
23. Properties of the URL
• Usable once
• Only Node A’s can make them
• Usable only by who generated it
Sunday, September 4, 2011
24. The unique URL
H( nonce
timestamp
the_user (maybe the IP)
onion_address )
Sunday, September 4, 2011
25. The unique URL
Signed nonce
Node Node
A B
verifies the
Hash signature
User
computes the H(...)
Sunday, September 4, 2011
26. Node B
Node B is in different ISP and/or country
content
Node
User
B
Sunday, September 4, 2011
27. What have we
achieved?
• Distribute responsibility across two actors
in two different jurisdictions
• Avoid direct serving of content
• URL’s are unique per user
Sunday, September 4, 2011
28. New problems
• How to handle caching?
• The issue is the delay in connecting to HS
• Cache is used only after connection has
been established
• What are the flaws in this solution?
Sunday, September 4, 2011
29. Questions?
• Wiki: http://wiki.tor2web.org
• Mailing list: tor2web-talk@lists.tor2web.org
• IRC: #tor2web on irc.oftc.net
Sunday, September 4, 2011