Academic paper from last month’s International World Wide Web Conference for people who enjoy reading such things. :-)

*"Our approach involves injecting malicious Monero Tor hidden service nodes into the Monero P2P network to correlate the onion addresses of incoming Monero Tor hidden service peers with their originating transactions.

And by sending a signal watermark embedded with the onion address to the Tor circuit, we establish a correlation between the onion address and IP address of a Monero Tor hidden service node."*

  • breadsmasher@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    5 months ago

    Deanonymizing Transactions Originating from Monero Tor Hidden Service Nodes

    That is the actual title of the paper, which is very different to what OPs implies.

    • Scolding0513@sh.itjust.works
      link
      fedilink
      arrow-up
      5
      ·
      5 months ago

      also the attack requires a very large % of both monero nodes communicating with tor and also tor nodes themselves. unless there is something im not understanding. i read the paper for a while, that’s what it seemed to me

        • Scolding0513@sh.itjust.works
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          looks like 20% of guards are run on Hetzner gear. this is really bad considering they are knowm to be backdoored by feds. yet somehow everyone forgot, like they always do. sad shit.

          • boldsuck@scribe.disroot.org
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            5 months ago

            Yes, for years we in the Tor community have been trying to point out this to new relay operators: https://community.torproject.org/relay/technical-considerations/ Try to avoid the following hosters:

            • OVH SAS (AS16276)
            • Online S.a.s. (AS12876)
            • Hetzner Online GmbH (AS24940)
            • DigitalOcean, LLC (AS14061)
            • Frantech/BuyVM (AS53667) is also often full, because Francisco allows exits and he takes care of the abuse mail shit.

            Guards, bridges and middle relays can actually be operated at nearly any hoster. They don’t get abuse and don’t attract attention. It’s difficult to find a hoster for an exit. It’s best to have your own AS.

            • Scolding0513@sh.itjust.works
              link
              fedilink
              arrow-up
              5
              ·
              5 months ago

              thanks for the additional info.

              tor project needs to make a big announcement or something, because basically you can consider these nodes as being run by the fucking NSA/5eyes. this is really bad. one of the reasons i dont trust TOR alone for certain things anymore.

        • Scolding0513@sh.itjust.works
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          5 months ago

          interesting stuff, thanks for the info.

          also did you see this in the paper?

          In Timed Sync Response messages from a Tor client node to its outgoing hidden service peers, the last address in peer list is certainly different between different Timed Sync Response messages because only unshared onion addresses are sent. On the other hand, all Timed Sync Response messages from a Tor hidden service node to its outgoing hidden service peers have the same the last onion address in peer list, which is always its own onion address. Therefore, the repetition of the last address of Timed Sync Response messages from a Monero Tor hidden service node to its outgoing Monero Tor hidden service peers can be exploited by an attacker to identify incoming Monero Tor hidden service peers from incoming Monero Tor client peers and obtain its onion address.

          is this a bug or a feature? have you spoken to anyone in the tor community about this? is there a going to be a mitigation for this? this seems concerning, yet I’ve seen no one talk about, which is even more concerning.

          Edit: my bad, I forgot this is a Monero thing lol, not a TOR node thing

  • hfond@monero.town
    link
    fedilink
    arrow-up
    6
    ·
    5 months ago

    This chinese paper boils down to the common psychopathic wet dream: an adversary with unlimited resources will control every aspect of life in a totalitarian fashion. It’s a fluff: collecting IPs does not “de-anon” any monero tx.

    Don’t be intimidated, this has never materialzed in the last 10000 yrs. In fact, China has legalized (illegal) mining (metal) coins after its paper currency collapsed (in the 15th century). It can happen again.

    They don’t like us — and we don’t like them. This aggression against humanity will not stand.

  • boldsuck@scribe.disroot.org
    link
    fedilink
    arrow-up
    1
    ·
    5 months ago

    And by sending a signal watermark embedded with the onion address to the Tor circuit, we establish a correlation between the onion address and IP address of a Monero Tor hidden service node

    And what does that achieve? He can also easily find my Monero node IP’s + IPv6’s + onion addresses in a Github issue and does not need research wodoo. ;-) He cannot see who connects his wallet there via Tor.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      5 months ago

      It could help if they want to ban Monero and find those who are probable to be using it, and those who are contributing to the infrastructure.