tor2web

                            Past, Present and Future of Tor Hidden Services




Sunday, September 4, 2011
What is tor2web?


                    • Gate to hidden services
                    • Allows people to access HTTP(s) Hidden
                            Services without Tor




Tradeoff


                    • --Client Anonymity
                    • ++Usability


Tor Hidden Services

                    • am4wuhz3zifexz5u.onion
                    • Anonymity for the Server
                    • DoS protection
                    • End-To-End encryption

Why use HS

                    • Avoid retaliation for what you publish
                    • Securely host and serve content
                    • Stealth Hidden Service


Tor2web

                    • Works for HTTP(s) HS
                    • Promote Tor HS
                    • HS can impact the whole web!


Tor2web 1.0


                    • Started by Aaron Swartz in 2008
                    • Now part of GlobaLeaks


Tor2web 1.0 Issues

                    • Exposed to abuse complaints
                    • Misuse of HS to spread illegal material
                    • No disclaimer
                    • This leads to Server Takedown

First iteration




Solved problems

                    • Tell the audience no content is hosted on
                            the server
                    • Abuse and problem complaint form
                    • Dynamic URL rewriting


Kharon
                    • Complementary to tor2web
                     • Firefox and Chrome plugin
                     • https://github.com/hellais/kharon
                    • rewrites hidden services to tor2web and
                            i2p
                    • Done by evilaliv3, hellais and vecna

Unsolved problems

                    • Responsibility not distributed
                    • Links directly serve the content
                    • High risk of takedown


Future tor2web 3.0

                    • Discussed with Paul Syverson
                    • Further reduce the risk of takedown
                    • Distribute responsibility across multiple
                            actors




Scenarios


                    • Spammer links to *.tor2web.org site hosted
                            on HS
                    • Illegal content hosting


Definitions

[Diagram: User, Node A, Node B, Hidden Service]

Node A

                    • Landing page
                     • Accept disclaimer
                    • Does not serve content
                    • Generates a unique, temporary access URL
                            for the User



Properties of the URL

                    • Usable once
                    • Only Node A’s can make them
                    • Usable only by who generated it


The unique URL

                    H(nonce, timestamp, the_user (maybe the IP), onion_address)


The unique URL

[Diagram: Node A, Node B and the User. Labels: "Signed nonce" between Node A and Node B; "Hash" toward the User; Node B "verifies the signature" and "computes the H(...)".]

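The unique-URL scheme from the "Node A", "Properties of the URL" and "The unique URL" slides, as an added Python sketch that is not tor2web code. Assumptions: SHA-256 for H, a 300-second lifetime, hypothetical names (`node_a_issue`, `NodeB`), constructed IP addresses, and HMAC-SHA256 with a key shared by both nodes standing in for the signature, which the slides do not specify (an asymmetric signature would be needed so that Node B can verify URLs but not make them).

```python
import hashlib
import hmac
import secrets
import time

TTL = 300  # assumed URL lifetime in seconds; the slides only say "temporary"

def H(nonce, ts, user, onion):
    fields = "\n".join([nonce, str(ts), user, onion])  # newline keeps fields unambiguous
    return hashlib.sha256(fields.encode()).hexdigest()

def sign(key, nonce, ts):
    # HMAC stands in for Node A's signature over the nonce (and its timestamp).
    return hmac.new(key, f"{nonce}\n{ts}".encode(), hashlib.sha256).hexdigest()

def node_a_issue(key, user_ip, onion, now=None):
    # Node A (landing page): serves no content, only issues the access URL.
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)                # known only to Node A and Node B
    url_hash = H(nonce, ts, user_ip, onion)      # goes to the User, inside the URL
    signed_nonce = (nonce, ts, sign(key, nonce, ts))  # goes to Node B
    return url_hash, signed_nonce

class NodeB:
    """Content node: verifies the signature, recomputes H(...), serves once."""
    def __init__(self, key):
        self.key = key
        self.pending = {}  # nonce -> timestamp, for URLs not yet used

    def accept(self, nonce, ts, sig):
        if not hmac.compare_digest(sig.encode(), sign(self.key, nonce, ts).encode()):
            return False  # not made by Node A
        self.pending[nonce] = ts
        return True

    def redeem(self, url_hash, client_ip, onion, now=None):
        now = time.time() if now is None else now
        for nonce, ts in list(self.pending.items()):
            if now - ts > TTL:
                del self.pending[nonce]  # temporary: expired
            elif hmac.compare_digest(H(nonce, ts, client_ip, onion).encode(),
                                     url_hash.encode()):
                del self.pending[nonce]  # usable once
                return True
        return False

def demo():
    key = secrets.token_bytes(32)
    b = NodeB(key)
    onion = "am4wuhz3zifexz5u.onion"  # address shown on the slides
    url_hash, signed = node_a_issue(key, "203.0.113.7", onion, now=1000)
    b.accept(*signed)
    other_ip = b.redeem(url_hash, "198.51.100.9", onion, now=1010)  # wrong user
    first = b.redeem(url_hash, "203.0.113.7", onion, now=1010)      # rightful user
    replay = b.redeem(url_hash, "203.0.113.7", onion, now=1011)     # second use
    return other_ip, first, replay

if __name__ == "__main__":
    print(demo())
```

Because H is unkeyed in this sketch, the nonce has to stay between Node A and Node B: anyone who learns it can compute a valid hash for their own address.
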
Node B
                Node B is in a different ISP and/or country

[Diagram: "content" between Node B and the User]



What have we achieved?

                    • Distribute responsibility across two actors
                            in two different jurisdictions
                    • Avoid direct serving of content
                    • URLs are unique per user


New problems

                    • How to handle caching?
                     • The issue is the delay in connecting to HS
                     • Cache is used only after connection has
                            been established
                    • What are the flaws in this solution?

Questions?

                    • Wiki: http://wiki.tor2web.org
                    • Mailing list: tor2web-talk@lists.tor2web.org
                    • IRC: #tor2web on irc.oftc.net


Thanks for listening!



Tor2web ESC2011
