TOR Hidden Services - Computerphile
HTML-код
- Опубликовано: 16 янв 2025
- The Dark web allows users to hide services using TOR, but how? Dr Mike Pound explains.
Onion Routing: • How TOR Works- Compute...
The Perfect Code: • The Perfect Code - Com...
Max's Deep Web Video : • Web vs Internet (Deep ...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscom...
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
![Felix "Unfair" | [Stray Kids : SKZ-PLAYER]](http://i.ytimg.com/vi/Oswujxm2Ag0/mqdefault.jpg)
The thing I like about this guy is that I get it, and it all makes sense in one pass. He's got a gift.
It's because he's English hehe
@@minimoto2883 ห
หนังเรื่องใหม่
@@minimoto2883โอเวอร์
@@minimoto2883 เส้นเลือดข
Can this guy just take over the channel, I think its about time...
agreed xd
still does't mean he can't take over the channel lol
++
He can't. He has knowledge for some things, but not all.
having a PhD in Computer Scince, aren't you required to know pretty much everything and keep yourself updated on the new theories and papers since he is doing research, or am I mistaken
These professors on Computerphile are just amazing. I wish I would have had the oportunity to learn from people like these when I was in uni.
"Facebook is trying to protect their customer" - *laughs in 2018*
But isn't Goldman Sachs their main customer?
Liberals will get angry
Facebook is trying to protect their data, from other data horders
Facebook: We care about you, your data 2020
Just wait til 2020 😂
Every time I see Dr Mike Pound in my subscription feed, I have watch the video
Just stumbled on this channel. Really like the way this guy explains things. Really clear, really concise. Also really like that he draws things out on mainframe printer paper. Takes me back.
"It's Facebook, we know where their server is. Their business is protecting their customers."
AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
"wait you are serious?" *bender laughs even harder*
I am the product😑
Since I downloaded Tor the browser has links saying that people should stop using Facebook and other similar apps. Again that came from a few places on Tor.
@@jessicablack5306 well yeah everyone should be saying that, Facebook is horrible with how invasive they are, in Australia there's already videos up of police with papers in their hands and those pages have the persons Facebook information they're using it to justify arrests now. Also if you use any Amazon products like Alexa, hook up your Alexa to your computer and browse the files, you might not know it but there's numerous files being made of recordings of you, even when it's off.
This dude is my favourite on Computerphile. He's one step away from being a criminal mastermind
_uses two colors_
well im out of colors, so im going to use a third color, orange.
oh, ok
That orange was a highlighter. The others were markers.
*colour
Carrotman no. im canadian and its or for me. has saved and will continue to save countless seconds
Doctor Robotnik, I like your use of countless :)
You're quoting an English man.
So would it count as a translation?
You guys should make a video telling people how you can be identified even if you are trying to be anonymous. He talked about data trafficking correlation, but there are other things that can identify you. Something very mundane, like the resolution you use, the browser etc.
Marcos Vinícius Petri and third party scripts
You must protect your entry into the TOR network and your exit from it - you are vulnerable at both points e.g. with a VPN as another layer.
Nautilus1972 Using VPN with tor actually decreases anonymity. Tor project doesn’t recommend it. VPN server IP addresses are known, so you have a known exit point when using them.
Meta data. contact lists. You are identified by your associations you make through most app/servers
Watch the hated one. He makes vids about that
"Stuff happens here, encrypted stuff..."
I don't even use TOR, but damn, it's design is clever and interesting. Good job on the videos!
@@MattInIllinois many people don't mind that, or even like that
@@MattInIllinois so just dont use google, you dont need tor.
What do you use instead of tor ?
What I want to to know is where this dude got the nostalgic stripy green fanfold tractor-feed paper that doesn't even look yellowed?? I remember when "backup" meant dumping your data onto 137 boxes of that stuff. [cough wheeze creak]
from the storage room in this university I'd imagine.
An episode about firewalls would be awesome.
Or your could read about them and get far more detail.
Bakipll you mean virtual broken condom.
@@obfuscated3090 Booo...
the best feature of tor hidden services to me is NAT punching. it basically allows a user to have a pc behind a NAT and still have a .onion address to SSH it. this is amaizing.
All these onions are making me cry
You guys should do a video on some of the weakness of TOR that have come out in the past year!
It seems like the main drawback is that an attacker with large servers could populate the node list with thousands or more of nodes, track down regular users, and hit them with a denial of service for a short window to control all traffic passing through the network, and easily sniff users out.
That is why Tor is better with more legit nodes, they make Tor more resilient
I think it's interesting how Facebook is embracing Tor users while other sites deny service to them altogether.
ElagabalusRex yes we are lucky Alec Muffett is in the organization.
Why the would you use Facebook on tor anyways? I mean...seems counterintuitive, cause anonymity.
Oh wait.. firewalls and such I
Imagine.
@@ChunkyWaterisReal because you have some activities you do there, or clients you do for. It's a big network and you don't necessarily have to use your real personal information to use their services.
He is right; i found Onion cookies recipe in the deep&dark web. Excellent video, thank you
I’m so sick of Facebook and that’s why I deleted my account. I couldn’t be happier and should’ve done it years ago.
Seven words:
Professor Brailsford, Tom Scott and Mike Pound
Like if you agree!
Who are them?
That’s eleven words.
Tom Scott! My teacher
@YASH TRIVEDI He has his own channel, just put Tom Scott into youtube
Does this guy have his own channel?
yes but he has no vids on it
This is his channel now
I'd love a video on the fall of silk road and transaction malleability. Keep up the great videos!
Been wondering how it worked for some time now and was too lazy to search. This video is gold
I am not an expert in cryptograph/security, but I am quiet well versed in distributed systems. It would seem to me that the key to hidden services is that the server hosting the service operates using TOR cells (packets? not sure on nomenclature here). Since the cells are all the same size and encrypted, it becomes infeasible using simple/traditional means to correlate data packets at the destination to those from a client origin. Without hidden services the destination servers will have traditional IP packets that are susceptible to correlation using data size and timing techniques. Is this a correct interpretation of hidden services?
The introduction points, DHT, onion address, etc. all seem like a cryptographic replacement of DNS with a method to bridge two TOR circuits. That, in itself, doesn't seem like it provides the extra anonymity of the hidden service.
Is there any way that you can open the auto-captions in videos? Sometimes it is harder to understand with the accent if you are not the native speaker.
press C
"is TOR worth the criminality that is on there and so on" is the same argument governments make eroding fundamental rights in the name of terrorism. If your moral compass is based on legalities I'd suggest you have chosen a poor foundation. Let me re-frame your statement: is it worth letting the law diminish your fundamental right to choose how to live your life (non aggression principle withstanding)?
@@MintyLime703 not sure your counterpoint makes sense. because a government agency developed the first onion routing protocol references, government should not be questioned? I was also referencing the tone and questions raised in the video.
Wonder if they ever will do episode on computerphile of why Tor browser suggests it not be opened to full screen or it can be tracked. How can opening the tor browser to full window be possibly be used to track someone?
Martin Pisz it's to do with mouselogging. Basic keyloggers will take mouse location and click points. People who log into Bank Account using on-screen keyboards may be keylogged via positions. Obviously the are other ways to mouselog but basic ones dont bother
Martin Pisz In addition, browser window resolution is information used in producing a browser fingerprint for the purpose of identifying a user.
Sites (or anybody sniffing around hard enough) can see your browsers dimensions (in full-screen your screen dimensions) and it might prove useful in finding you. There might be other reasons but this what I know of. If anybody has more info, your contribution would be appreciated.
Just disable JavaScript inside the TOR Browser, then it doesn't matter. No hidden service worth anything actually requires JavaScript to work, some even explicitly tell you to turn it off.
IF(!) you have JavaScript enabled (which is a very very very very bad idea when you want anonymity), a script can detect your resolution/browser size. This does not mean that thousands of others might have the same one, but it's one puzzle piece for identifying someone. You should google panopticlick and/or browserleaks.TorBrowser is a hardened Firefox, with lots of stuff disabled or tweaked to make identifying someone harder. But the biggest problem is JavaScript - as proven by some FBI hack some years ago.
Another amazing video. Do you know the details about how Silk Road was taken down?
Worse, he was using that account to advertise the site. Also he used the same username on several such accounts.
It’s a crying shame that with the way things are going with device and software manufacturers, web services and trackers, and all out privacy invasion from government entities these days that in order to even get a resemblance of privacy and security, one actually needs to go down this rabbit hole to even start protecting their rights and dignity... A crying shame...
I see you found something to do with those reams of dotmatrix paper... :)
I think I still have a case of that stuff somewhere in my office
Send me those boxes! This is extremely cool, I was wondering what was that paper
I'm not an informatic and I won't ever know how to actually make all the things he says, but just understanding all of this is very fun and informative.
As for 01:09, even if someone is sniffing A and B, they can't prove that B is A because B's source IP is of some machine the the TOR network. Unless you follow through all the nodes A used to B, you can't show they are connected. Correct me if I'm wrong.
They can't prove that with certainty, but they can with some degree of confidence. If A puts in a packet, then after a semi-constant delay it comes out on the other side, and it's happened a lot of times in sequence already, then it's probable that B is relaying A's traffic.
This channel provides a better education than my computer science degree smh
I just installed Tor on my phone and now getting this video recommendation.
All of that is a debate based on nonsensical assumptions.
"Is Anonymity worth Criminality?" makes no sense, you cannot get rid of the criminality anyway.
You can't get rid of it (well..), but that's no reason to make it easy.
Every system can be changed to make surveillance possible. If half of the population works for the police, it is possible to eliminate 'normal' criminality. It is just that everybody outside of North Korea agrees that it is not worth it. You can allow or remove anonymity, which will have an effect on how difficult crime becomes.
(to be clear: I'm for TOR staying legal)
"You can not save all lives, so it is noth worth it to save any lives."
Shitty argument.
Rik Wisselink Basically, any surveillance just moves the problem up. What prevents criminals from abusing it? I mean, any system can be broken into.
Followed by a shitty analogy I guess.
If I take away your guns you're going to stab someone with a knife. If I take your knives you'll club someone to death with a stick. Making tor illegal will just spurt out other services that do the same thing. Take away my tool to achieve anonymity, i'll look for something else.
"You cannot save a single live, so you better not use that as an argument to also beat every second persons face in."
Would be more aedequate a phrasing.
I am not saying "you cannot get rid of it completely", i am saying "it would not make a cents worth of difference, hence its not an argument."
Shout-out to Ross Ulbricht
Shout out? Just email him...he likes to post his email apparently...and takes terrible photos. Unless he was practicing for prison..then yea ok
clear video👌
This video when over my head.
So when do we get an I2P video?
0:53 I haven't seen that paper in a long time. Great explanation. Thanks,
I'm not sure if you guys do this or not, but could you do a video about Kali Linux/Kali Nethunter and penetration testing, and perhaps a video about DNS queries and how OSs like TAILS and Whonix allegedly prevent DNS leakage? I know I'm asking for quite a bit of content here... Just thought I'd ask and see what I get. Lol. Thanks for all the great videos. They've been greatly informative as I endeavor to learn more about networking and programming.
00:17
"A lot of what happens... is illegal"
Yeah, like entrapment❗
Awesome channel, especially this guy do explanation so easy.
W00t thanks for this follow-up as we requested!!!
I literally fell asleep to this. not in a bad way at all. it calms me
this guy has the most soothing voice
This was really well articulated thank you
Onionymous services
Had no clue this much was going on with Tor. Didn’t really know what was going on at all before this.
Thank you for all the services you provide free of cost and it is not even hidden :P
Somewhere out there someone is having a fit because the title says TOR instead of Tor.
1:08
Sniffing
1:28
Hidden Service
3:33
Onion routers
4:03
Connections
5:57
Request.
7:08
Connection.
7:51
Final circuit.
Is there something in place that prevents the IP and the RP from being the same router?
Couldn't a nation state create an extraordinarily large number of Tor nodes on the cloud and monitor them all? Wouldn't that increase the odds of being able to track Tor users? If a nation state created 10,000 virtual PC based Tor nodes would that increase tracking potential? How about 50,000 nodes scattered all over the world? If the nation state could monitor all of them does this increase their chances of tracking Tor traffic and capturing data streams?
pepeledog Yes, they can, and yes, they've done this. It kinda like the 50% attack on Bitcoin, eg. if you own a sufficient fraction of the network you control it's destiny
@@mduckernz
And what if intelligence agencies actually helped start projects like Bitcoin and Tor?!
"It's Facebook, we know where the servers are" that did not age well (4th of october, 2021)
I love your videos Mike! *hugs*
Who captioned this? 10:18 is complete garbage.
Computerphile can you please add subtitles? English is not my first language and I find some of your videos tough to comprehend.
well, it's gonna take a while. the viewers are the people who end up creating the subtitles
5:10 or a pastebin document publishing a big fat list of them (but usually only sharing the doc with a certain group), as is the case for some services
5:30 - Until recently? So it means now there's an easy way of finding secret services?
Ted Chirvasiu there are lists of them that you can find on the regular internet, but if somebody wants to keep their service hidden (and just give it out to select few people) then they can keep it that way
How can the dark web be so bad if people are just sharing "cookies"?
Cookies are dangerous!!!
An easier way to break down what this guy is saying. A client(the user on a computer) makes a request to send packets to a server over the internet. Lets say there is three routers(A,B,C) that the packets have to go thru in order to get to the service. Client -> Router A(Router A knows the packets came from the client. Now Router A will "peel back the information that the packets came from the client"). Now the packets are at Router B(Now Router B will "peel back the information that the packets came from A"). Then router C does the next thing. These routers are picked completely at random in the Tor network. The whole time that the packets are traveling to the service, none of the routers have the ip address destination of the service. In addition, the nodes(aka the routers) do not record the path that the packets traveled in , adding to its anonymity. An Onion address is how the packet gets there.
I know next to nothing going into this, so forgive my ignorance with this question.
You've said that if someone had control of the initial entry point into the network and the final exit node, that they could decode the information they wanted (right?).
Some quick Google-fu leads me to believe there are less than 1000 exit nodes currently in operation.
What's to stop, say, the NSA from generously starting up another 1000 exit nodes of their own, giving them a 50% chance of having control over any given exit node? Thereby effectively eliminating that second requirement and leaving them only with a need to sniff around at the initial entry point.
Again, forgive me if I've completely misunderstood something (or several things).
Jacob Harrison yes this is a worrisome future, in fact the FBI employed such a measure in attempt to track activity of tor users.
Maybe I didn't get this right, but with the single union facebook example you described, coulnt someone theoreticaly still sniff at the entry node and exit node to do a corilation based attac, since the exit node can know the identity of the server?
Tiesproductions yes this is an issue with tor in general - a sufficiently powerful adversary with global knowledge of the network could (theoretically) correlate all the network's input and output messages to identify the users and their destinations. however this is already the situation of the internet without tor, so by using tor you are increasing an adversary's effort by a significant margin.
Please make a video about h265 and h264.
I understand that h265 is more efficient? and should give a better quality at the same bitrate..
but which has better quality 2.6GB h264 1080p or 580MB h265 1080p?
You can deduce the video's progress just by measuring the amount of marker there is on Dr Mike's hands
i love this channel.
I would be appreciate if you made a video about I2P and Freenet too.
I love Tor for stuff that i can't gain access to (10 percent), while (95percent) of the stuff i reguarly have access to on the daily i use my other daily browsers are my Chrome browser and MSFT Edge.
Does that hidden server cycle its introduction points inside of this onion cloud? Or does it not need to?
And are they manually picking these points or is it part of the TOR protocols? Are they able to pick them?
I'm not 100% sure so take this with a grain of salt, but when you create an onion service, the only thing you store locally is the public and private key and the hostname (the .onion address itself). There's no information stored locally about the descriptor or introduction points, so I assume they're determined every time tor is restarted
Could you randomly divide the traffic (every 8,16 or 24 bits) between 3 different, unconnected circuits?
thanks. exited with the content of your channel , am a big fan.
....please i wish to ask ,are websites on the dark web coded with normal web languages???.
Yes. they use the same web languages.
The FBI raided my house and I spent 100 years in jail because I forgot to clear my browser history
why is the fbi here
Why is the CIA hear
Who cares about your browser when your ISP sees everything you do
@@lksw42439 and that's where you realize people know nothing about the dark web and hacking if they claim to do it on their home network XD you take a junk laptop, a usb wifi card, and go to a mcdonalds 10 miles down the road and then do what you need to do.
@@dwalters98 that actually makes sense thanks
Can you make a video explaining the math behind onion routing?
With the in→out thing be possible to counteract by random padding going in that is dropped at the last node before being sent out, making it harder to correlate the two?
Unrelated, but I think it's very interesting that he writes left-handed, but uses a mouse in the right hand. Most likely this isn't his desk or office, but if any lefties out there have any insight or reasoning to this, reply! I'm curious. (also note the amount of fingerprints on the right side of the monitor, egregious as touching a screen may be)
I like the ghost cube up on the shelf.
You made a small mistake ._.
The RP doesn't connect to one of the introduction points, it only
receivces the one time secret at the beginning. Afterwards the client
sends the one time secret and the address of the RP to an introduction
point, encrypted with the public key of the server, through a tor
circuit. The introduction point sends the package to the server, which
connects through a new circuit, but with the same Guardian Node to the
RP and tells it the secret.
The rest of the video should be correct.
(check the torproject docs, if you don't believe me)
What if the introduction point is compromised?
it won't matter because the communication is encrypted with public encryption, think of it like TLS.
2:22 and there goes a tree, "Timber!"
What I study in college: 00:01 - 09:24 .
My answer in exams: 09:25 !
best books for networking and cloud computing ?
phoenix go to hidden wiki and search for library links
So could a hidden service become so popular, it become un-hidden but still provide anonymity.
Yakntoro Udoumoh
"It's a secret to everybody!"
It would still be hidden. It's not a secret, people know WHAT it is, the hidden part is that nobody knows WHERE it is.
I would like to see a video about pluggable transports and how they work
The more I think about hidden services and the more it appears that it's in effect a virtual drug dealer network. There are people trying to buy (clients), people producing and selling (servers), people that redistribute the drug (dealers, here introduction points), and then rendez-vous places where to buy the drug. It's really amazing to see it that way, it makes perfect sense lol.
Yes , the dealer is trying to stop you seeing the supplier.
@@boboften9952 ææp 8 8kg lo
create your own channel Dr Pound!
would it be possible to follow a trail of physical locations where each node is to link the server and the client?
they probably don't store their data.
What about cache, there has to be some sort of cache
Rovert2001 The network is designed to prevent this sort of thing. If you control two nodes involved, though, you can start to identify the nodes between them, but that's difficult given the randomness and number of nodes available.
I would love to watch this guy have a conversation about TOR with Eli the computer guy. That would be interesting :)
Where can I read more about Facebook's integration?
Is this just something an `.onion` service can choose to do - connect directly to rendezvous node?
How does the introduction point send a message back to the server if it doesn't know it's IP address?
Andy Wilson this is key insight of tor. it allows client and server to communicate without knowing each other's identity or location. broadly the concept is the same as using a proxy - obscures info about the client from the server. definitely check out FAQ on the Tor website and also how-to's from the EFF
Thanks. I didn't know the TOR circuit remained open between the server and the introduction point.
No prob. Yeah, initially the circuit remains open. Once the rendezvous point is established, then the Introduction Point is out of the picture - just client, hop hop rendezvous, hop hop server.
Wouldn't these hidden servers have more traffic, giving away the fact that something is going on?
Larwood Onion routers aren‘t hidden, they‘re public.
What is the point of having "anonymous" Facebook, since the second you log on with your user name they know who you are?
You could use Facebook without anyone being able to associate your account with your real identity or the location you are currently in.
So that "Whistleblower XYZ" can put out confidential documents describing how "Company Z" uses baby powder made from real babies without "Company Z" being able to find the real identity of "Whistleblower XYZ" to have him "taken care off".
Your typical oppressive regime wouldn't be able to tell that you're on Facebook just by looking at your ISPs connection logs nor be able to block it. If you're posting under your real name however, they can still find you.
Crazy Hedgehog You can log in to facebook without being blocked by your firewall. If your country bans FB, you can still connect.
Please look into then Golden Shield Project. It was commissioned by china and made by western IT companies. You would like to think that the people running oppressive regimes are idiots but sadly journalists disappearing in such countries is not a rare occurrence, just rarely heard of since few people wants to risk being the next to go.
en.wikipedia.org/wiki/Golden_Shield_Project
why is this a reupload?
Why you need 3 nodes between RP and S? 2 nodes would work as well, didnt it?
Less chance that the Chinese government could own all of the nodes involved, as one example.
5:22 *The way the Distributed Hash Table is programmed the vast majority of nodes wont know what the descriptor is for a given key. Only one or a couple.*
Why one or a couple? Is it necessary to make the TOR network works ???
i think i asked this in the comments to his last video about onion routing but since it didn't get an answer I'm gonna ask it again here: to avoid the danger of someone correlating traffic going into and coming out of the TOR network, could you build into the protocol that the client node adds a random number of dud packets that are taken out while being passed on in the TOR network, and within the TOR network more dud packets are added? Shouldn't this completely screw up any chance of being able to correlate traffic? Wouldn't this advantage be even better if the client and server knew to delay random packets by a random amount of time as well?
heyandy x ah ok then. so those other protocols you mentioned, are they used by other dark web browsers then?
Would that slow traffic down to a slower crawl? Don't know just asking
as someone watching a lot of these videos in 2022, are these videos and the information provided still applicable now?
It's 2023 now, and yes, it still is. There are some details which have changed (like the key length), but Mike didn't cover those details anyway.
Was Facebook's Involvement with TOR a cause of the sort of recent lawsuit?