Examples Of Hidden Service Deanonymization
[9 Points] dev1aTor:
[3 Points] R3FRESHED1:
Some people are just dumb and do not consider the risks. Rule of thumb too: never trust user input
[1 Points] ecstasais:
What a load of bullshit. That's old thinking. Yes, some attack vectors shown in this article are useful, but they fall really short of what to do to make your hidden service really secure.
An article written by n00b who demonstrates that he can "hack" into systems that have weaknesses which probably every beginner script kiddie will try out first.
I've said it many times and I will say it once more: A hidden service must be set up absolutely hardened on many different layers, so these "hacking" examples in the article would look like a joke, would be totally impossible.
And, a hidden service must be designed in a way that even if the server is physically compromised, it would be impossible to read (decrypt) any information. Eeach and every row in the "sensitive" information database tables must have their own encryption key. No central/master key = attacker could potentially only decrypt only a couple table rows, which have been written there by the user account that was used as an attack medium.
End
Luckily the future looks brighter for all of us. There's decentralized P2P solution in development as we speak.
http://img.ctrlv.in/img/17/08/15/59930877482af.png
http://img.ctrlv.in/img/17/08/15/599308ff1a1e5.png
Absolutely secure. No central keys. Protected from end to end. Encrypted on all layers (including local data) Planned to support all coins with 2-of-3 mutisig
It can't, and won't work on clearnet.
The era of phishing, hacks and large busts is coming to an end!