1. 15

    Sorry, not the first. I built this over 7 years ago… http://binarymax.com/tRand.html http://binarymax.com/javascript/tClient.js

    Not as much mathematical rigor as yours, so props to you for taking it more seriously than I :)

    Someone else also made one a couple years ago…but I can’t seem to find it. EDIT: found it - https://github.com/ryanmcdermott/birdseed

    1. 3

      Arrrh I googled it first and couldn’t find any ;-) Thanks for pointing this to me.

    1. 3

      What if all websites did this? Does the TOR infrastructure get overwhelmed?

      1. 5

        I think it would actually help the infrastructure because now traffic remains inside the network rather than having to go out an exit node, and the node serving the hidden service content is now an additional relay in the network.

        1. 4

          Traffic to and from a hidden service passes through 6 relays instead of 3 so it roughly doubles the bandwidth usage.

          1. 4

            This was the case, but is now not necessarily true. Tor users have been able to configure Tor to actually have additional hops, or a lower number, and there are now special configuration options HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode which make it easy to configure such a service without having to change the Tor source code. These options are very useful where a service exists on both the clear Internet and in Tor’s onionspace, so it isn’t necessary to hide the location of the server itself, while still allowing it to work via Tor without having to utilize the exit nodes. Because there is more relay capacity than exit capacity, it’s usually much faster to access a single-hop hidden service than the same service via an exit node.

            Edit: jnb beat me to it, it seems, but yes, this is the implementation of the idea he was speaking of. You can see additional information on implementation at https://trac.torproject.org/projects/tor/ticket/17178

            “Add experimental HiddenServiceSingleHopMode and HiddenServiceNonAnonymousMode options. When both are set to 1, every hidden service on a Tor instance becomes a non-anonymous Single Onion Service. Single Onions make one-hop (direct) connections to their introduction and renzedvous points. One-hop circuits make Single Onion servers easily locatable, but clients remain location-anonymous. This is compatible with the existing hidden service implementation, and works on the current tor network without any changes to older relays or clients. Implements proposal 260, completes ticket 17178. Patch by teor and asn.”

            1. 3

              There have been talks about having hidden services directly connected to a node (where the server does not care about hiding its position) and the client connects to it via the normal three nodes. I suppose if the .onion addresses were more popular, then this might actually be implemented (I think it was mentioned at the 32c3, I think it was this video. Granted I haven’t really followed the topic after that, so things might have changed already.

              Additionally, the exit nodes would have to handle less traffic, which would lead to a better distribution of it, so the additional bandwidth might not be as much of a problem.

              1. 3

                Single-hop hidden service has been implemented, the first stable release with it ( was released in December. It’s an option (not default) the hidden service can set if it wants faster connections (4 hops instead of 6) and doesn’t need to hide its location.

                1. 2

                  Maybe this is a stupid question, but what benefit is there to running a hidden service at that point? Is it just intended to be a DNS alternative, or is it intended to protect users from malicious exit nodes?

                  e: This was answered by the comment below

                  1. 1

                    Ah, thanks for the information :) good to see that it’s moving forward.

                    1. 1

                      well, it still hides the location - but with 1 hop security which can be enough depending on your threat model

                      1. 1

                        Sure, it really depends how much you trust your guard (and your guard’s ISP) and/or how much you care if the location gets revealed.

                        Threat model could range from “bored individual who you got the attention of” to law enforcement. Depends on how easily your guard’s ISP will roll over.