Tor Connections To Hidden Services Could Be Easy To De-Anonymize

angry tapir writes with news of a report presented Friday at Hack In The Box which outlines a counterintuitive fact about Tor: Identifying users who access Tor hidden services — websites that are only accessible inside the Tor anonymity network — is easier than de-anonymizing users who use Tor to access regular Internet websites. That's because the addresses of the Hidden Service Directories (HSDirs) used to index those Tor-network-only sites, though shuffled daily, can be predicted (and hijacked) with cheap brute-force techniques. "The researchers managed to place their own nodes as the 6 HSDirs for facebookcorewwwi.onion, Facebook's official site on the Tor network, for the whole day on Thursday. They still held 4 of the 6 spots on Friday. Brute-forcing the key for each node took only 15 minutes on a MacBook Pro and running the Tor relays themselves cost US$62 on Amazon's EC2 service.

Tor's trust model has always been broken

[nctritech]

The simple fact that it uses "directory servers" for Tor stuff (including hidden services) means that there is centralization in the network. Centralization of control is the enemy of anonymous communications because it vastly shrinks the target surface area required to damage or intercept that communications. This is just another hole in the bottom of the anonymity boat for Tor users. A better system would publish services using the public key of a strong asymmetric encryption algorithm such that the only valid responses could be encrypted with the private key; flooding the network with bad information to turn yourself into the correct node for a given "hidden service" name simply wouldn't work.