distinguishing between (non-) hidden service hosters, too few/many open circuits
For Internet Service Providers it's too easy to find who hosts a hidden service and who doesn't.
For people connecting to the public Tor network:
- Tor users have X open circuits after Tor started.
- Hosters of hidden services have many more open circuits after Tor started. In my tests it was mostly X*3 open circuits.
- It's trivial for ISPs to distinguish between non-hidden-services and regular Tor users.
- That analysis, combined with another attack such as Murdoch's clock skew attack, can de-anonymize Tor hidden service hosters.
For people connecting to (obfuscated) bridges:
- Same as above but depends on the ability of the ISP to detect connections to the Tor network.
Suggested solution:
- Open the same number of circuits. Do not let that depend on whether the user hosts a hidden service or not.
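
Added example, not part of the original ticket and not Tor project code: a way to measure the open-circuit count on your own Tor instance, with and without a hidden service configured, by parsing a `GETINFO circuit-status` control-port reply and grouping built circuits by purpose. The two sample replies, their placeholder fingerprints and their counts are constructed to exercise the parser and are not measurements; all function names are hypothetical.

```python
import re
from collections import Counter

# Line layout per the Tor control spec: CircuitID SP CircStatus [SP Path] *(SP KEY=VALUE)
CIRC_RE = re.compile(r"^(\S+) (LAUNCHED|BUILT|GUARD_WAIT|EXTENDED|FAILED|CLOSED)\b(.*)$")
KEYWORD_RE = re.compile(r"^([A-Z_]+)=(\S*)$")  # path tokens start with "$" and never match

# Constructed replies (placeholder fingerprints), as read from one's own control port.
SAMPLE_CLIENT = """250+circuit-status=
1 BUILT $AAAA~r1,$BBBB~r2,$CCCC~r3 BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL
2 BUILT $AAAA~r1,$DDDD~r4,$EEEE~r5 BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY PURPOSE=GENERAL
3 EXTENDED $AAAA~r1 BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL
.
250 OK"""

SAMPLE_SERVICE = """250+circuit-status=
1 BUILT $AAAA~r1,$BBBB~r2,$CCCC~r3 BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL
2 BUILT $AAAA~r1,$DDDD~r4,$EEEE~r5 BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY PURPOSE=GENERAL
4 BUILT $AAAA~r1,$FFFF~r6,$1111~r7 PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED
5 BUILT $AAAA~r1,$2222~r8,$3333~r9 PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED
6 BUILT $AAAA~r1,$4444~r10,$5555~r11 PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED
.
250 OK"""

def parse_circuits(reply):
    """Return one dict per circuit line; framing lines (250+..., ".", 250 OK) are skipped."""
    circuits = []
    for line in reply.splitlines():
        m = CIRC_RE.match(line.strip())
        if not m:
            continue
        fields = dict(k.groups() for k in map(KEYWORD_RE.match, m.group(3).split()) if k)
        circuits.append({"id": m.group(1), "status": m.group(2),
                         "purpose": fields.get("PURPOSE", "UNKNOWN")})
    return circuits

def open_by_purpose(reply):
    """Count circuits in state BUILT, grouped by PURPOSE."""
    return Counter(c["purpose"] for c in parse_circuits(reply) if c["status"] == "BUILT")

def hs_overhead(reply):
    """Return (total open circuits, open circuits that exist only because a service is hosted)."""
    counts = open_by_purpose(reply)
    hosted = sum(n for purpose, n in counts.items() if purpose.startswith("HS_SERVICE_"))
    return sum(counts.values()), hosted

if __name__ == "__main__":
    for name, reply in (("client", SAMPLE_CLIENT), ("service", SAMPLE_SERVICE)):
        print(name, hs_overhead(reply), dict(open_by_purpose(reply)))
```

Comparing the two totals on the same machine shows how far a given Tor version is from the suggested solution of opening the same number of circuits in both cases.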