Academic paper from last month’s International World Wide Web Conference for people who enjoy reading such things. :-)

*"Our approach involves injecting malicious Monero Tor hidden service nodes into the Monero P2P network to correlate the onion addresses of incoming Monero Tor hidden service peers with their originating transactions.

And by sending a signal watermark embedded with the onion address to the Tor circuit, we establish a correlation between the onion address and IP address of a Monero Tor hidden service node."*

  • Scolding0513@sh.itjust.works
    link
    fedilink
    arrow-up
    4
    ·
    6 months ago

    looks like 20% of guards are run on Hetzner gear. this is really bad considering they are knowm to be backdoored by feds. yet somehow everyone forgot, like they always do. sad shit.

    • boldsuck@scribe.disroot.org
      link
      fedilink
      arrow-up
      3
      ·
      edit-2
      6 months ago

      Yes, for years we in the Tor community have been trying to point out this to new relay operators: https://community.torproject.org/relay/technical-considerations/ Try to avoid the following hosters:

      • OVH SAS (AS16276)
      • Online S.a.s. (AS12876)
      • Hetzner Online GmbH (AS24940)
      • DigitalOcean, LLC (AS14061)
      • Frantech/BuyVM (AS53667) is also often full, because Francisco allows exits and he takes care of the abuse mail shit.

      Guards, bridges and middle relays can actually be operated at nearly any hoster. They don’t get abuse and don’t attract attention. It’s difficult to find a hoster for an exit. It’s best to have your own AS.

      • Scolding0513@sh.itjust.works
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        thanks for the additional info.

        tor project needs to make a big announcement or something, because basically you can consider these nodes as being run by the fucking NSA/5eyes. this is really bad. one of the reasons i dont trust TOR alone for certain things anymore.