Silk Road forums

Discussion => Silk Road discussion => Topic started by: nonono on June 20, 2011, 06:38 am

Title: stop allowing hotlinking it is NOT SECURE
Post by: nonono on June 20, 2011, 06:38 am
Please STOP ALLOWING HOTLINKED IMAGES. It puts clients at tons more risk! An attacker now needs to trace three hops instead of ten. An attacker can force clients to open infinite circuits to servers they control by hotlinking a ton of images from different servers. Malicious exit nodes can look for connections to certain fed servers and inject exploits into the streams. Hidden services always use a unique circuit but connections to hotlinked image servers might share exits and put clients at risk of linkability attacks. Hotlinking is BAD BAD BAD and it is so annoying that you keep enabling it and/or forgetting to turn it off. It is a huge security risk for so many reasons; if people want the security of surfing the clearnet they wouldn't be going to hidden services. Just because it is still Tor in either case doesn't mean shit, Tor clients connecting to hidden services (particularly non-malicious ones) are way more secure than clients connecting to random attacker controlled servers on the clearnet. To throw away this benefit for clients by allowing hotlinking is just plain stupid.
Title: Re: stop allowing hotlinking it is NOT SECURE
Post by: rake on June 20, 2011, 06:41 am
What about hotlinking to .onion URLs?
Title: Re: stop allowing hotlinking it is NOT SECURE
Post by: nonono on June 20, 2011, 06:42 am
Hotlinking to .onion URLs is much less of an issue, but I still suggest against it.
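
Added example (not part of the original thread and not the forum's own code): one way a forum could enforce what the first post asks for, by keeping [img] tags only when they point at the forum's own host, so a reader's browser never fetches images from third-party servers. It assumes BBCode-style [img] tags; FORUM_HOST, the function names and the sample URLs are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Hypothetical forum host (constructed placeholder, not taken from the thread).
FORUM_HOST = "exampleforumhost.onion"

# Assumes BBCode image tags of the form [img]URL[/img], with optional attributes.
IMG_TAG = re.compile(r"\[img(?:\s[^\]]*)?\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def classify(url):
    """Return 'local', 'onion' or 'external' for an image URL."""
    url = url.strip()
    if "\\" in url:                       # browsers may treat '\' as '/'
        return "external"
    try:
        parts = urlsplit(url)
    except ValueError:                    # malformed URL: fail closed
        return "external"
    if not parts.scheme and not parts.netloc:
        return "local"                    # relative path on the forum itself
    if parts.scheme not in ("", "http", "https"):
        return "external"                 # data:, javascript:, ftp:, ...
    host = (parts.hostname or "").lower()
    if host == FORUM_HOST:
        return "local"
    if host.endswith(".onion"):
        return "onion"
    return "external"                     # includes protocol-relative //host/...


def sanitize_post(body, allow_onion=False):
    """Replace hotlinked [img] tags with inert text so nothing is auto-fetched."""
    def repl(match):
        url = match.group(1).strip()
        kind = classify(url)
        if kind == "local" or (kind == "onion" and allow_onion):
            return match.group(0)
        return "[blocked image: " + url + "]"
    return IMG_TAG.sub(repl, body)


if __name__ == "__main__":
    sample = ("look [img]http://tracker.example/a.png[/img] and "
              "[IMG]/avatars/1.png[/IMG] and "
              "[img]http://abcdefghijklmnop.onion/x.jpg[/img]")  # constructed post
    print(sanitize_post(sample))
```

The default blocks third-party .onion images too, matching the last reply's advice; pass allow_onion=True to permit them.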