• db2@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    10 months ago

    and hidden services may be much more easily compromised now

    In the end it’s still just a site on a server, if it’s poorly configured or not secured well it’s as vulnerable as any other on the clear net. Once they’re able to work out where it is it becomes a honey pot shortly afterward.

    • Cinner@lemmy.worldB
      link
      fedilink
      arrow-up
      9
      ·
      10 months ago

      Yes, but with the amount of darknet markets and CSAM hidden services that have been taken down within a relatively short span of time compared to the last decade of tor’s more widespread history, it seems they may have a new vulnerability (or perhaps just a new covert post-snowden-acceptance surveillance court ruling) that allows them to identify hidden services real IP addresses. It’s speculation, but they wouldn’t use it bluntly or everyone would know there was a vulnerability and thousands more eyes would be on the tor code (or awareness of nation-state level traffic omniscience in the case of something as simple as a timing attack). A CSAM hidden service has been run by the federal governments of a few countries, so there’s no question of ethics or law in that case.

      • db2@lemmy.world
        link
        fedilink
        arrow-up
        11
        ·
        10 months ago

        The “users” are probably the weak point. Badly configured setups leaking info, aggregation using that info to fingerprint a user, etc. When they have a user account with access they can use it to keep collecting data and digging. I imagine it’s a slow process. Nothing networked can be 100% secure though.