Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] DuckDuckGo vs Startpage

Nick liberationtech at njw.me.uk
Tue Jun 25 01:42:23 PDT 2013


Quoth Mike Perry:
> > > Hidden service circuits require ~4X as many Tor router traversals
> > > as normal Tor exit circuits to set up, and unlike normal Tor exit
> > > circuits, they are often *not* prebuilt. Once they are set up, they
> > > still require 2X as many Tor router traversals end-to-end as normal
> > > circuits. You could easily circle the globe several times to issue
> > > a single search query.
> > > 
> > > And all this is to use the Tor hidden service's 80bit-secure hash 
> > > instead of an https cert, along with all of the other issues with
> > > Tor Hidden Services that have accumulated over the past decade due
> > > to the lack of time for maintenance on Tor's part? I am not
> > > convinced.
> > 
> > This is good to know -- don't promote hidden service versions of
> > websites (including DDG) when they have an https version, as hidden
> > services are broken as of now.
> 
> Right. However, hidden services are still useful in narrow
> circumstances, even as janky as they are. I think their most compelling
> usecase is as fully internal TCP-style application endpoints, not as
> authentication mechanisms for services that already exist on the
> surveilled Internet, and use it for their communications.

But don't hidden services have the advantage that as there is no 
exit node, the adversary controlling the entry and exit node problem 
goes away? Or am I misunderstanding. I see that in this case the tor 
connection to the website is not likely to be the weak point anyway, 
but I'd be keen to know if I've got this wrong.



More information about the liberationtech mailing list