This community should be more concerned about the security flaws at the very core of Tor.

People here seem to be under the illusion that tor is nearly unbreakable. And dont get me wrong, tor is a great piece of software. But its already been very severely compromised by quite a few attacks. An attacker controlling an array of nodes operating as HSDir's can theoretically deanonymize a hidden service in, statistically, 8 months time. An attacker controlling both an HSDir and a guard node can deanonymize any client connecting to a specific site through that guard node.

Tor is no longer fully secure. I had originally thought to myself that the community should move to i2p and eepsites, but then again I doubt its much more secure than Tor is.

Either way, this is a problem that people around here dont really seem too concerned about, but could bring the entire community crashing down.


Comments


[14 Points] emaildisposable:

No one here is under the illusion that TOR is unbreakable, but thanks for the post stating the obvious and then providing no information about OPSEC or anything else of value.


[7 Points] sohhlz:

Nothing is perfect:

http://wwwcip.cs.fau.de/~spjsschl/i2p.pdf

https://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release (look at the first line)


With Tor or i2p, even if you are de-anonymized, the packets are still encrypted end to end so that they can't see what you are doing on the market, just that you are connecting to it.

That being said, the vendors and the market itself face the most danger in a de-anonymization scenario.


[1 Points] None:

There's nothing I love more than being patronised first thing on a Saturday morning.

I imagine everyone here is well aware that Tor isn't 100% safe... Because nothing is. And it would be foolish and arrogant to think otherwise.

So what do you suggest then? Because to me this post comes across as a whole lot of speculation with no solutions or suggestions.


[0 Points] Throwaway_concept:

So after posting a bunch of known information, what do you think we should do about it? i2p hasn't been tested as hard as Tor. It could be just as breakable.