TOR Hidden Services - Computerphile
ฝัง
- เผยแพร่เมื่อ 8 มิ.ย. 2017
- The Dark web allows users to hide services using TOR, but how? Dr Mike Pound explains.
Onion Routing: • How TOR Works- Compute...
The Perfect Code: • The Perfect Code - Com...
Max's Deep Web Video : • Web vs Internet (Deep ...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
The thing I like about this guy is that I get it, and it all makes sense in one pass. He's got a gift.
It's because he's English hehe
@@minimoto2883 ห
หนังเรื่องใหม่
@@minimoto2883โอเวอร์
@@minimoto2883 เส้นเลือดข
Can this guy just take over the channel, I think its about time...
agreed xd
still does't mean he can't take over the channel lol
++
He can't. He has knowledge for some things, but not all.
having a PhD in Computer Scince, aren't you required to know pretty much everything and keep yourself updated on the new theories and papers since he is doing research, or am I mistaken
"Facebook is trying to protect their customer" - *laughs in 2018*
But isn't Goldman Sachs their main customer?
Liberals will get angry
Facebook is trying to protect their data, from other data horders
Facebook: We care about you, your data 2020
Just wait til 2020 😂
Every time I see Dr Mike Pound in my subscription feed, I have watch the video
These professors on Computerphile are just amazing. I wish I would have had the oportunity to learn from people like these when I was in uni.
_uses two colors_
well im out of colors, so im going to use a third color, orange.
oh, ok
That orange was a highlighter. The others were markers.
*colour
Carrotman no. im canadian and its or for me. has saved and will continue to save countless seconds
Doctor Robotnik, I like your use of countless :)
You're quoting an English man.
So would it count as a translation?
Just stumbled on this channel. Really like the way this guy explains things. Really clear, really concise. Also really like that he draws things out on mainframe printer paper. Takes me back.
"It's Facebook, we know where their server is. Their business is protecting their customers."
AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
"wait you are serious?" *bender laughs even harder*
I am the product😑
Since I downloaded Tor the browser has links saying that people should stop using Facebook and other similar apps. Again that came from a few places on Tor.
@@jessicablack5306 well yeah everyone should be saying that, Facebook is horrible with how invasive they are, in Australia there's already videos up of police with papers in their hands and those pages have the persons Facebook information they're using it to justify arrests now. Also if you use any Amazon products like Alexa, hook up your Alexa to your computer and browse the files, you might not know it but there's numerous files being made of recordings of you, even when it's off.
"Stuff happens here, encrypted stuff..."
You guys should make a video telling people how you can be identified even if you are trying to be anonymous. He talked about data trafficking correlation, but there are other things that can identify you. Something very mundane, like the resolution you use, the browser etc.
Marcos Vinícius Petri and third party scripts
You must protect your entry into the TOR network and your exit from it - you are vulnerable at both points e.g. with a VPN as another layer.
Nautilus1972 Using VPN with tor actually decreases anonymity. Tor project doesn’t recommend it. VPN server IP addresses are known, so you have a known exit point when using them.
Meta data. contact lists. You are identified by your associations you make through most app/servers
Watch the hated one. He makes vids about that
This dude is my favourite on Computerphile. He's one step away from being a criminal mastermind
I don't even use TOR, but damn, it's design is clever and interesting. Good job on the videos!
@@MattInIllinois many people don't mind that, or even like that
@@MattInIllinois so just dont use google, you dont need tor.
What do you use instead of tor ?
What I want to to know is where this dude got the nostalgic stripy green fanfold tractor-feed paper that doesn't even look yellowed?? I remember when "backup" meant dumping your data onto 137 boxes of that stuff. [cough wheeze creak]
from the storage room in this university I'd imagine.
I'd love a video on the fall of silk road and transaction malleability. Keep up the great videos!
An episode about firewalls would be awesome.
Or your could read about them and get far more detail.
Bakipll you mean virtual broken condom.
@@obfuscated3090 Booo...
You guys should do a video on some of the weakness of TOR that have come out in the past year!
All these onions are making me cry
Been wondering how it worked for some time now and was too lazy to search. This video is gold
the best feature of tor hidden services to me is NAT punching. it basically allows a user to have a pc behind a NAT and still have a .onion address to SSH it. this is amaizing.
He is right; i found Onion cookies recipe in the deep&dark web. Excellent video, thank you
Seven words:
Professor Brailsford, Tom Scott and Mike Pound
Like if you agree!
Who are them?
That’s eleven words.
Tom Scott! My teacher
@YASH TRIVEDI He has his own channel, just put Tom Scott into youtube
I’m so sick of Facebook and that’s why I deleted my account. I couldn’t be happier and should’ve done it years ago.
Yet another great overview!
It seems like the main drawback is that an attacker with large servers could populate the node list with thousands or more of nodes, track down regular users, and hit them with a denial of service for a short window to control all traffic passing through the network, and easily sniff users out.
That is why Tor is better with more legit nodes, they make Tor more resilient
I think it's interesting how Facebook is embracing Tor users while other sites deny service to them altogether.
ElagabalusRex yes we are lucky Alec Muffett is in the organization.
Why the would you use Facebook on tor anyways? I mean...seems counterintuitive, cause anonymity.
Oh wait.. firewalls and such I
Imagine.
@@ChunkyWaterisReal because you have some activities you do there, or clients you do for. It's a big network and you don't necessarily have to use your real personal information to use their services.
Another amazing video. Do you know the details about how Silk Road was taken down?
Worse, he was using that account to advertise the site. Also he used the same username on several such accounts.
With the in→out thing be possible to counteract by random padding going in that is dropped at the last node before being sent out, making it harder to correlate the two?
This was really well articulated thank you
Is there any way that you can open the auto-captions in videos? Sometimes it is harder to understand with the accent if you are not the native speaker.
press C
0:53 I haven't seen that paper in a long time. Great explanation. Thanks,
W00t thanks for this follow-up as we requested!!!
I'm not sure if you guys do this or not, but could you do a video about Kali Linux/Kali Nethunter and penetration testing, and perhaps a video about DNS queries and how OSs like TAILS and Whonix allegedly prevent DNS leakage? I know I'm asking for quite a bit of content here... Just thought I'd ask and see what I get. Lol. Thanks for all the great videos. They've been greatly informative as I endeavor to learn more about networking and programming.
I am not an expert in cryptograph/security, but I am quiet well versed in distributed systems. It would seem to me that the key to hidden services is that the server hosting the service operates using TOR cells (packets? not sure on nomenclature here). Since the cells are all the same size and encrypted, it becomes infeasible using simple/traditional means to correlate data packets at the destination to those from a client origin. Without hidden services the destination servers will have traditional IP packets that are susceptible to correlation using data size and timing techniques. Is this a correct interpretation of hidden services?
The introduction points, DHT, onion address, etc. all seem like a cryptographic replacement of DNS with a method to bridge two TOR circuits. That, in itself, doesn't seem like it provides the extra anonymity of the hidden service.
Could you randomly divide the traffic (every 8,16 or 24 bits) between 3 different, unconnected circuits?
Awesome channel, especially this guy do explanation so easy.
I literally fell asleep to this. not in a bad way at all. it calms me
Does this guy have his own channel?
yes but he has no vids on it
This is his channel now
i love this channel.
I'm not an informatic and I won't ever know how to actually make all the things he says, but just understanding all of this is very fun and informative.
Wonder if they ever will do episode on computerphile of why Tor browser suggests it not be opened to full screen or it can be tracked. How can opening the tor browser to full window be possibly be used to track someone?
Martin Pisz it's to do with mouselogging. Basic keyloggers will take mouse location and click points. People who log into Bank Account using on-screen keyboards may be keylogged via positions. Obviously the are other ways to mouselog but basic ones dont bother
Martin Pisz In addition, browser window resolution is information used in producing a browser fingerprint for the purpose of identifying a user.
Sites (or anybody sniffing around hard enough) can see your browsers dimensions (in full-screen your screen dimensions) and it might prove useful in finding you. There might be other reasons but this what I know of. If anybody has more info, your contribution would be appreciated.
Just disable JavaScript inside the TOR Browser, then it doesn't matter. No hidden service worth anything actually requires JavaScript to work, some even explicitly tell you to turn it off.
IF(!) you have JavaScript enabled (which is a very very very very bad idea when you want anonymity), a script can detect your resolution/browser size. This does not mean that thousands of others might have the same one, but it's one puzzle piece for identifying someone. You should google panopticlick and/or browserleaks.TorBrowser is a hardened Firefox, with lots of stuff disabled or tweaked to make identifying someone harder. But the biggest problem is JavaScript - as proven by some FBI hack some years ago.
Is there something in place that prevents the IP and the RP from being the same router?
I just installed Tor on my phone and now getting this video recommendation.
As for 01:09, even if someone is sniffing A and B, they can't prove that B is A because B's source IP is of some machine the the TOR network. Unless you follow through all the nodes A used to B, you can't show they are connected. Correct me if I'm wrong.
They can't prove that with certainty, but they can with some degree of confidence. If A puts in a packet, then after a semi-constant delay it comes out on the other side, and it's happened a lot of times in sequence already, then it's probable that B is relaying A's traffic.
Thank you for all the services you provide free of cost and it is not even hidden :P
Does that hidden server cycle its introduction points inside of this onion cloud? Or does it not need to?
And are they manually picking these points or is it part of the TOR protocols? Are they able to pick them?
I'm not 100% sure so take this with a grain of salt, but when you create an onion service, the only thing you store locally is the public and private key and the hostname (the .onion address itself). There's no information stored locally about the descriptor or introduction points, so I assume they're determined every time tor is restarted
this guy has the most soothing voice
Does Tor have one Master server that handles assigning the circuits of clients on initial setup or is that all done automatically? Like how does it know that this server is a circuit?
Does the first circuit you connect to know your IP?
clear video👌
thanks. exited with the content of your channel , am a big fan.
....please i wish to ask ,are websites on the dark web coded with normal web languages???.
Yes. they use the same web languages.
Please make a video about h265 and h264.
I understand that h265 is more efficient? and should give a better quality at the same bitrate..
but which has better quality 2.6GB h264 1080p or 580MB h265 1080p?
I see you found something to do with those reams of dotmatrix paper... :)
I think I still have a case of that stuff somewhere in my office
Send me those boxes! This is extremely cool, I was wondering what was that paper
This channel provides a better education than my computer science degree smh
Maybe I didn't get this right, but with the single union facebook example you described, coulnt someone theoreticaly still sniff at the entry node and exit node to do a corilation based attac, since the exit node can know the identity of the server?
Tiesproductions yes this is an issue with tor in general - a sufficiently powerful adversary with global knowledge of the network could (theoretically) correlate all the network's input and output messages to identify the users and their destinations. however this is already the situation of the internet without tor, so by using tor you are increasing an adversary's effort by a significant margin.
I love your videos Mike! *hugs*
Shout-out to Ross Ulbricht
Shout out? Just email him...he likes to post his email apparently...and takes terrible photos. Unless he was practicing for prison..then yea ok
5:10 or a pastebin document publishing a big fat list of them (but usually only sharing the doc with a certain group), as is the case for some services
best books for networking and cloud computing ?
phoenix go to hidden wiki and search for library links
Onionymous services
I would love to watch this guy have a conversation about TOR with Eli the computer guy. That would be interesting :)
I would be appreciate if you made a video about I2P and Freenet too.
All of that is a debate based on nonsensical assumptions.
"Is Anonymity worth Criminality?" makes no sense, you cannot get rid of the criminality anyway.
You can't get rid of it (well..), but that's no reason to make it easy.
Every system can be changed to make surveillance possible. If half of the population works for the police, it is possible to eliminate 'normal' criminality. It is just that everybody outside of North Korea agrees that it is not worth it. You can allow or remove anonymity, which will have an effect on how difficult crime becomes.
(to be clear: I'm for TOR staying legal)
"You can not save all lives, so it is noth worth it to save any lives."
Shitty argument.
Rik Wisselink Basically, any surveillance just moves the problem up. What prevents criminals from abusing it? I mean, any system can be broken into.
Followed by a shitty analogy I guess.
If I take away your guns you're going to stab someone with a knife. If I take your knives you'll club someone to death with a stick. Making tor illegal will just spurt out other services that do the same thing. Take away my tool to achieve anonymity, i'll look for something else.
"You cannot save a single live, so you better not use that as an argument to also beat every second persons face in."
Would be more aedequate a phrasing.
I am not saying "you cannot get rid of it completely", i am saying "it would not make a cents worth of difference, hence its not an argument."
Legendary Mike !
Can you make a video explaining the math behind onion routing?
If I controlled the entrypoint of the client, and the entrypoint of the server then I should be able to perform a heuristic analysis or not ?
neumde neuer yes tor is vulnerable to a sufficiently powerful adversary with global knowledge of the network
This video when over my head.
It’s a crying shame that with the way things are going with device and software manufacturers, web services and trackers, and all out privacy invasion from government entities these days that in order to even get a resemblance of privacy and security, one actually needs to go down this rabbit hole to even start protecting their rights and dignity... A crying shame...
Had no clue this much was going on with Tor. Didn’t really know what was going on at all before this.
I love Tor for stuff that i can't gain access to (10 percent), while (95percent) of the stuff i reguarly have access to on the daily i use my other daily browsers are my Chrome browser and MSFT Edge.
I like the ghost cube up on the shelf.
i think i asked this in the comments to his last video about onion routing but since it didn't get an answer I'm gonna ask it again here: to avoid the danger of someone correlating traffic going into and coming out of the TOR network, could you build into the protocol that the client node adds a random number of dud packets that are taken out while being passed on in the TOR network, and within the TOR network more dud packets are added? Shouldn't this completely screw up any chance of being able to correlate traffic? Wouldn't this advantage be even better if the client and server knew to delay random packets by a random amount of time as well?
heyandy x ah ok then. so those other protocols you mentioned, are they used by other dark web browsers then?
Would that slow traffic down to a slower crawl? Don't know just asking
I know next to nothing going into this, so forgive my ignorance with this question.
You've said that if someone had control of the initial entry point into the network and the final exit node, that they could decode the information they wanted (right?).
Some quick Google-fu leads me to believe there are less than 1000 exit nodes currently in operation.
What's to stop, say, the NSA from generously starting up another 1000 exit nodes of their own, giving them a 50% chance of having control over any given exit node? Thereby effectively eliminating that second requirement and leaving them only with a need to sniff around at the initial entry point.
Again, forgive me if I've completely misunderstood something (or several things).
Jacob Harrison yes this is a worrisome future, in fact the FBI employed such a measure in attempt to track activity of tor users.
Where can I read more about Facebook's integration?
Is this just something an `.onion` service can choose to do - connect directly to rendezvous node?
The more I think about hidden services and the more it appears that it's in effect a virtual drug dealer network. There are people trying to buy (clients), people producing and selling (servers), people that redistribute the drug (dealers, here introduction points), and then rendez-vous places where to buy the drug. It's really amazing to see it that way, it makes perfect sense lol.
Yes , the dealer is trying to stop you seeing the supplier.
@@boboften9952 ææp 8 8kg lo
Maybe talk about Hyperboria/CJDNS next?
2:22 and there goes a tree, "Timber!"
5:22 *The way the Distributed Hash Table is programmed the vast majority of nodes wont know what the descriptor is for a given key. Only one or a couple.*
Why one or a couple? Is it necessary to make the TOR network works ???
I would like to see a video about pluggable transports and how they work
never have i smashed the like button so fast
I know I'm late, but trying my hand here...
Once the RP is set, how is the connection any more anonymous than usual, except for the added nodes? How is the traffic monitoring on both ends any harder?
My understanding is that only the server will know when the message has reached the final hop. Anyone watching could just think that the server is another router in the chain.
Does anyone know the name of orrecognize that C++ book on the bookshelf in the background?
You can deduce the video's progress just by measuring the amount of marker there is on Dr Mike's hands
would it be possible to follow a trail of physical locations where each node is to link the server and the client?
they probably don't store their data.
What about cache, there has to be some sort of cache
Rovert2001 The network is designed to prevent this sort of thing. If you control two nodes involved, though, you can start to identify the nodes between them, but that's difficult given the randomness and number of nodes available.
uu i think he has the same keyboard that i have at my work! thou probably different layout. nice vid btw
i like him so much!
The FBI raided my house and I spent 100 years in jail because I forgot to clear my browser history
why is the fbi here
Why is the CIA hear
Who cares about your browser when your ISP sees everything you do
@@lksw42439 and that's where you realize people know nothing about the dark web and hacking if they claim to do it on their home network XD you take a junk laptop, a usb wifi card, and go to a mcdonalds 10 miles down the road and then do what you need to do.
@@dwalters98 that actually makes sense thanks
Great video!
Somewhere out there someone is having a fit because the title says TOR instead of Tor.
What if the introduction point is compromised?
it won't matter because the communication is encrypted with public encryption, think of it like TLS.
00:17
"A lot of what happens... is illegal"
Yeah, like entrapment❗
Won't the router node see the messages? It has to finish decrypting the layers from the sender, and start wrapping the layers for the reciever.
Couldn't a nation state create an extraordinarily large number of Tor nodes on the cloud and monitor them all? Wouldn't that increase the odds of being able to track Tor users? If a nation state created 10,000 virtual PC based Tor nodes would that increase tracking potential? How about 50,000 nodes scattered all over the world? If the nation state could monitor all of them does this increase their chances of tracking Tor traffic and capturing data streams?
pepeledog Yes, they can, and yes, they've done this. It kinda like the 50% attack on Bitcoin, eg. if you own a sufficient fraction of the network you control it's destiny
@@mduckernz
And what if intelligence agencies actually helped start projects like Bitcoin and Tor?!
"It's Facebook, we know where the servers are" that did not age well (4th of october, 2021)
How does the introduction point send a message back to the server if it doesn't know it's IP address?
Andy Wilson this is key insight of tor. it allows client and server to communicate without knowing each other's identity or location. broadly the concept is the same as using a proxy - obscures info about the client from the server. definitely check out FAQ on the Tor website and also how-to's from the EFF
Thanks. I didn't know the TOR circuit remained open between the server and the introduction point.
No prob. Yeah, initially the circuit remains open. Once the rendezvous point is established, then the Introduction Point is out of the picture - just client, hop hop rendezvous, hop hop server.
If the routers are publicly listed can someone actually go to the introduction router and demand that they give them the address they forward the messages to and keep doing that along the 3 nodes until the reach the server? Also is a vpn just a 1 router onion router?
theres thousends of connections and are random, this is only works with clear net, traffic corelation only works in the clearnet, when using tor.
create your own channel Dr Pound!
mspy can be installed without the target device remotely
5:30 - Until recently? So it means now there's an easy way of finding secret services?
Ted Chirvasiu there are lists of them that you can find on the regular internet, but if somebody wants to keep their service hidden (and just give it out to select few people) then they can keep it that way
I really like the torn network plus whonix as a virtual machine 👊
You made a small mistake ._.
The RP doesn't connect to one of the introduction points, it only
receivces the one time secret at the beginning. Afterwards the client
sends the one time secret and the address of the RP to an introduction
point, encrypted with the public key of the server, through a tor
circuit. The introduction point sends the package to the server, which
connects through a new circuit, but with the same Guardian Node to the
RP and tells it the secret.
The rest of the video should be correct.
(check the torproject docs, if you don't believe me)
I love this guy