I have a, more or less, general question about the security of tor’s hidden services.
I’m asking this here, in the whonix forum, because:
a) I want to setup a hidden service with whonix
and
b) I need an answer from someone with the right expertise in this matter. So I figured that whonix developers and “hardcore” whonix users have probably this expertise.
First of all I want to clarify a few things:
- I know that nothing is or ever will be 100% secure
- I know that no one can give me an exact answer
- I know that no one, beside myself, is responsible for my actions. And only I am accountable if things go sideways.
- I am not looking for detailed technical answers.
- I am not looking for links to other articles, blogs, forums where a similar topic or question might have been discussed before
- I am reading already for months countless blogs, forums, articles, guides and so on (this includes of course whonix.org and torproject.org)
- I am new to using tor (tbb, tails, whonix, hs), linux, pgp, btc etc. (like I said, i started a few months ago)
So what I need is an educated guess / opinion from qualified people. (i.e. I would consider whonix developer, tor developer, tails developer, qubes developer, eff-people, ccc-people as qualified. (Of course it is not limited to this crowd - those are just examples to give you an idea what I’m talking about.)
The Question:
How secure (in the meaning of traceable) is a hidden service? (which is run or maintained in north america or western europe)
The problem(s):
- even after months of research, reading and experimenting with (and about) tor, whonix, tails, pgp, hidden services, anonymous surfing, emailing and so on - I’m stll not sure how secure a hidden service is (properly setup of course).
- this is because:
- lots and lots of information is way to technical for a “noob” to understand
- lots of information is pretty outdated
- blogs, media, news and tech-websites spread wrong and “half-true” information i.e. “Researcher found out that countless hidden services can be de-anonymized within minutes” - “tor is broken - tor-user can now be easily tracked down” and so on…
I’m splitting my question into two parts:
First part:
Has a hidden service been taken down / de-anonymized / its owner been arrested because of a flaw within tor or a flaw in hidden services in general?
so far i couldn’t find one report, article or whatever which clearly states that a 3-letter agency or whoever was able to arrest someone or take down a hidden service because they “cracked” tor or something like that.
Let’s look at the darknet markets as an example:
There have been quite some “busts” of markets and dealers since the famous take down of the silkroad. BUT as far as I could find out, none was because they were able to track down a hidden service or to “crack” tor to find out who is the owner of a hidden service.
It looks to me that all those busts and arrests were possible just because of “good ol’ fashioned police work” i.e. undercover agents infiltrating markets and communities, bad opsec of those people who got arrested (including “stupidities” like advertising your own darknet market with your official email (the alleged founder of the original silkroad), “snitching” and people who tell on other people when they are interrogated to get off the hook or a reduced sentence…
Also here on whonix.org (somewhere) it says that there has no known “exploit” been used in “the wild” to de-anonymize a tor hidden service… also on the tor website(s) I read that all those ways to track down / trace back/ de-anonymize a hidden service are all just “theories”… research papers based on limited experiments in a controlled environment.
I think the take down and arrests connected to freedom-hosting were also caused by human-errors of at least one person involved in freedom-hosting and not because they actually traced down the sever locations through technical means (hacking or traffic-correlations etc.)
So if that is still true, that would mean that a hidden service itself is damn secure to own/maintain/run. and that, at least in the last 2-4 years, no hs was really “cracked”.
Is this correct?
Second part:
how risky would it be for ME to run my own hidden service from at home with whonix?
Like I said before, I need a serious, educated guess from qualified people… I’m NOT looking for an official confirmation … so please no standard “disclaimer-answers” like “don’t rely on tor or whonix if you really need anonymity”… no one needs to be worried to get “sued” or whatever ;)… we are talking just in theory and just about educated guessing…
Further information about what I want to do, how and my situation:
I want to run a hidden service with whonix from “home”.
I would:
-
Be located either in north America or western Europe.
In a big city i.e NYC, L.A., Paris, Berlin, London…
So that would mean I’d be “surrounded” by quite an amount of other tor users, a reliable power-grid, and decent constitutional rights framework, more or less effective privacy laws, decent citizen-rights and so on…
but of course also with the illegal activities of intelligence-services (Europeans and Americans) and unconstitutional behavior of governments (like the behavior of the u.s. government towards whistle-blower and the behavior of European countries towards Snowden and the wikileaks founder Assange). -
On a “clean” host" computer (means: without malware, viruses ect.)
No compromised software or hardware to begin with.
(we assume build in hardware backdoors don’t exist…or at least not in my computer) -
I’m not already under “targeted surveillance”
… just under the “normal” mass surveillance" everyone is a victim of and a “little bit” more suspicious" because of a regular use of tor… which puts me in a group of million other tor user in north America or western Europe… so a bit more of a “possible suspect” than the 80 year old granny who hasn’t even a PC but still far away from being really interesting for “them”. -
My activity would really fast draw attention.
-
Staying anonymous is essential! and “they” would really fast try to de-anonymize me.
-
My opsec would be flawless
-
im a linux and tor noob
-
I’d use nested VPN’s (without money trace)
So, what are the educated guesses, based on facts and knowledge about the risks for me to run a hidden service with whonix from home?
(Fyi: I have only two options. To go through with it or to drop it. If I go through with it, I have to use a tor hs anyway, the question is doing it myself or with a 3rd party host (who would have my private keys) or a vps (and the host could get easily access to my hs and private keys). A dedicated server is too expensive for now and maybe as a noob not really ideal anyway. Also doing things in person is not an option. that would require lots of time, lots of traveling and lots of money. Dropping it isn’t really an option as well, unless it’s like “Drop it or …”, in this case I would have to drop it, of course. But this would be really really bad, because this thing is about a really serious worldwide issue, I prepared for 5 years on this and as far as I know, no one is at the moment actively and effectively working on this and time is really of the essence in this matter.)