Unprecedented Spike In TOR .Onion Nodes (profwoodward.org)

← Back to Stories (view on slashdot.org)

Unprecedented Spike In TOR .Onion Nodes (profwoodward.org)

Posted by whipslash on Friday February 19, 2016 @08:19PM from the tor-files dept.

Martin S. writes: The Tor project is reporting an unprecedented rise in unique .Onion nodes, rising from around 40k to 60k in just a few days, says security researcher Professor Woodward. I wonder is this could possible be related to Shari Steel plan to push Tor mainstream, as reported on /. a few days ago.

15 of 57 comments (clear)

Min score:

Reason:

Sort:

Duh by Anonymous Coward · 2016-02-19 20:22 · Score: 5, Insightful

More FBI nodes to more easily de-anonymize the network.
1. Re:Duh by Trailer+Trash · 2016-02-20 03:45 · Score: 2
  
  More FBI nodes to more easily de-anonymize the network.
  My first thought. That's half as many added in a few days - something's fishy.
  
  --
  Do you have ESP?
Sites, not nodes by Anonymous Coward · 2016-02-19 21:04 · Score: 5, Informative

The number of hidden services (.onion sites) has increased, not the number of exit or relay nodes.
Personally, I don't see 20k more hidden services as a big number: I'm surprised there are so few total (60k). Tor hidden services are a great way to run a server with a dynamic IP address and solve NAT and fire wall issues all at once for free when trying to run a personal server. It also solves several other problems people generally care less about (hides your IP to prevent traffic DDOS attacks, and protects your identity), provides an easy mechanism to have multiple servers serving the same address for redundancy, provide end to end encryption (if the client is also using tor) and makes your service more accessible to clients using TOR (they don't have to go through an exit node).
Tor hidden services are great for low-bandwidth latency tolerant random services you might want to serve off your laptop or phone from time to time. I found it easier to setup most alternatives for solving any one of these issues: I set up a tor hidden service on the first try with no issues. It was easier than getting my dynamic DNS working, and also easier than forwarding a port through my router. (You can host a tor hidden service without port forwarding since all the connections the server makes are actually outward to the poxy nodes).
Really I think the only big issue with them is the latency, and lack of IPv6 support. On that note, I recently had an IPv4 outage for a while and it was interesting to see what worked on IPv6 only.
1. Re:Sites, not nodes by Anonymous Coward · 2016-02-20 00:00 · Score: 4, Interesting
  
  How does the Tor swarm work anyway when most people don't have open ports for listening? Btw I'm posting this from Tor, kudos to Slashdot for allowing it when most sites are a PITA to use from Tor.
2. Re:Sites, not nodes by Anonymous Coward · 2016-02-20 08:17 · Score: 2, Informative
  
  As with any TCP/IP connection, only one side of each connection needs to be listening. In the case of TOR, the user doesn't need any open ports, only the relays need to have open ports. The major misunderstanding I've seen of TOR (especially recently) is that it isn't a "swarm" in the sense that not every user is a relay and even less are exits, you have to specifically enable those settings.
3. Re:Sites, not nodes by Anonymous Coward · 2016-02-20 09:33 · Score: 2, Funny
  
  Unfortunately they'll have to turn it off again if APK ever figures out how to use Tor.
BBC also reporting this now by Martin+S. · 2016-02-19 21:07 · Score: 2

Tor: 'Mystery' spike in hidden addresses
Encryption trojans by Anonymous Coward · 2016-02-19 21:12 · Score: 5, Interesting

There's a recent spike in encryption trojans, too. The recovery-keys are provided through TOR.
e.g.
http://1.f.ix.de/scale/geometry/695/q75/imgs/18/1/7/5/3/8/0/5/locky-desktop-9dc10fc8250d6db0.png
Looks like its generating specific servers to get the keys from for every victim.
1. Re:Encryption trojans by Anonymous Coward · 2016-02-19 21:17 · Score: 3, Interesting
  
  Yes, i have seen this trojan twice last week, in different company, sure that the increase of tor's nodes come from that.
Meanwhile, IBM announced . . . by PolygamousRanchKid+ · 2016-02-19 21:28 · Score: 4, Funny

. . . that they sold and delivered a 20K server to the NSA . . .

--
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
Potentially caused by IM application by WoOS · 2016-02-19 21:42 · Score: 5, Informative

According to TFA (yes, I know, I am not supposed to read it) this could be caused by the anonymous messaging application Ricochet which apparently creates a hidden service for each user.
Would have expected that that information was mentioned in the summary.
Re:Smells like Government plan to me... by KGIII · 2016-02-19 21:58 · Score: 3, Interesting

That's how I understand it but I too am not an expert. I also understand that it's most important when you leave the .onion domains and enter the "clearnet." (When using it as a proxy, for example.) I guess if someone can see enough of the internet at one time then they can also use traffic shaping and timing to single out a user. So long as you remain on the .onion networks you are reasonably safe - some say completely safe.
Now, safe means that you are safe technically. It does not mean you're safe otherwise. You still need to avoid identifying browser characteristics/fingerprints. You need to not leak personal information of any kind and that includes keeping scripting off (or very selective and with great attention to care) and not installing extensions that single you out or may leak the data to a third party. Assuming one is attentive enough to practice safe-hex, they're reasonable secure - with a high level of certainty.
As always, safety needs to be weighed against your goals and the risks you're willing to take to reach them. Security is a process, not an application and nothing is completely secure.

--
"So long and thanks for all the fish."
Sceptical old me by liqu1d · 2016-02-19 23:02 · Score: 3, Interesting

This reads more of an ad for Ricochet than anything substantial.
Re:Smells like Government plan to me... by gweihir · 2016-02-20 05:28 · Score: 3, Informative

These are hidden servers, not entry- or exit-points.

--
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Re:Smells like Government plan to me... by KGIII · 2016-02-20 07:43 · Score: 2

Damn that Slashdot formatting. It appears to have removed your citation. Think you could post it again?

--
"So long and thanks for all the fish."