Why offer an Onion Address rather than just encourage browsing-over-Tor? (opens in new tab)

(alecmuffett.com)

250 pointskettunen4y ago130 comments

130 comments

62 comments · 15 top-level

nextaccountic4y ago· 15 in thread

> Using onion services mitigates attacks that can be executed by possibly-malicious “Tor Exit Nodes” — which, though rare, are not nonexistent

Is there any evidence that the majority of exit nodes aren't malicious? There's only 300 or so in the US, 300 or so in Germany, and in other countries even less. What would it take for three letter agencies to compromise most of it?

I mean, suppose all of the existing nodes weren't malicious. Could a government agency plausibly run 1000 exit nodes in a way that doesn't give away they are government-run? This would make the majority of exit nodes malicious.

stingraycharles4y ago

It’s not even about three letter agencies; many exit nodes are being scanned for passwords, if you happen to go through http instead of https.

Here’s research conducted years ago about this matter: https://www.vice.com/en/article/mgbdwv/badonion-honeypot-mal...

Effectively they set up a honeypot and used clear text passwords to log in, and plenty of exit nodes picked up on this and those credentials were later used to (attempt to) log in into the honeypot.

conradev4y ago

I will also point out that even if they are only observing ciphertext, they can still glean a lot:

http://web.cs.wpi.edu/~claypool/papers/yt-crawler/final.pdf

thealig4y ago

the article talks about the research stumbling upon exit nodes performing MITM and other sniffing but does not refer to the exact details. is there a paper for this?

only found this paper going over systematic process of exposing bad relays - http://www.cs.kau.se/philwint/spoiled_onions/pets2014.pdf

3 more replies

Stevvo4y ago

There were slides in the Snowden leaks where it laid out the NSA's strategy for dealing with TOR and compromising exit nodes was a big part of it. They have had the last 10 years to work on it; one might expect they had results.

RL_Quine4y ago

The behaviour of not always using the same exit means that you, over time, will almost assuredly use a malicious exit should more than zero exist. It's reckless to suggest that anybody should be using this system, your situation is almost always going to be worse than not.

bauruine4y ago

The only attacks an exit alone can do is sniff all traffic and modify the traffic. There are constant checks done by the Torproject to detect bad exits that modify traffic but sniffing is not detectable of course. But both of those attacks are mitigated by https which most sites support nowadays. Firefox and therefore the Tor Browser also has an option to disable http. [0] And using an .onion service removes this attack vector also.

[0]: https://support.mozilla.org/en-US/kb/https-only-prefs

2 more replies

heavyset_go4y ago

Even if every exit node in the US is operated by private people or organizations, courts can compel the node owners to work with the government and not talk about it.

MichaelBurge4y ago

Courts can't compel you not to talk. They can merely punish you after-the-fact.

So if you're talking about "everyone in a giant group of people" and doing it routinely, existence of those secret subpoenas seem like they'd get leaked eventually. Especially if it's hard to tell which of the 300 people leaked it.

1 more reply

bauruine4y ago

Can you just shutdown your nodes or can they force you to continue? Best practice for relay operators is to just stop the operation altogether if the authorities force you to attack the users.

1 more reply

nix234y ago

I know this is possible for organizations in the US, but for private persons too?

TuringTest4y ago

Aren't there warrant canaries set up to prevent this? Every website that can be compelled to behave that way should have one.

2 more replies

idontwantthis4y ago

What does compromising the exit do? I thought the layering means you would need to compromise the entire path to do anything.

foxfluff4y ago

Exit node is where the tor-encrypted path ends and traffic goes to the clearnet.

1 more reply

ufmace4y ago

Because it switches over to the clearnet there, the operator could do stuff like intercept non-https traffic or use a malicious DNS to attempt to MITM https traffic.

bawolff4y ago

Or just use HSTS. Problem solved.

bauruine4y ago· 11 in thread

If you are running an onion service but don't need to hide the server IP, like you do if you also provide clearnet access to the same server, you should enable single hop mode [0] to reduce the load on the Tor network and also speed up the connections. This way your server directly connects the introduction and rendezvous points while the client still stays anonymous with a 3 hop circuit.

[0]: Search for HiddenServiceSingleHopMode on https://2019.www.torproject.org/docs/tor-manual.html.en or just use the following config options

SOCKSPort 0

HiddenServiceNonAnonymousMode 1

HiddenServiceSingleHopMode 1

stingraycharles4y ago

For my understanding, usually establishing a connection with a hidden service involves two separate Tor circuits: one circuit for the visitor, but another full circuit for the hidden service.

This “Non Anonymous Mode” effectively omits the second circuit, and allows relays to connect directly to the hidden service’s IP address, thus significantly improving latency and reducing the strain on the Tor network?

zekica4y ago

That is correct, but note that not all tor nodes are exit nodes, so latency will be increased but troughput may even be better.

1 more reply

bauruine4y ago

Yes that's correct.

ycuser24y ago

I'm using Tor to access my local network services through hidden services. Since I don't need to hide my IP address I'm going to follow your advice gratefully. Didn't know that's possible.

_wldu4y ago

That's sort of like having backdoor access to your internal network (similar to teredo). Others may use it to gain access to that network. If it's your home, that may be OK to you, but if it is an employer, you may want to obtain approval to do that and be sure all of your hidden services use keys or strong passwords for access.

2 more replies

steerablesafe4y ago

Any reason you don't use some kind of VPN solution for that instead?

2 more replies

danuker4y ago

You are not just reducing load, you are also reducing anonymity for other participants. The extra hops make it harder to analyze the data overall.

bauruine4y ago

Could you please post a source for this? The only thing i could find is from the man page "However, the fact that a client is accessing a Single Onion rather than a Hidden Service may be statistically distinguishable." but I'm not sure what exactly the impact is from that.

goodpoint4y ago

Citation needed!

Any timing correlation attack carried on against entry and exit nodes is independent from the number of hops.

Terry_Roll4y ago

Tor is not anonymous just like VPN's are not anonymous when you have 5eyes oversight of the network. Its like watching trucks navigating around the road network, you can see the junctions they take and you can see where they start and end, but you cant see the contents of the truck.

The Road network and internet have an awful lot in common!

brnt4y ago

If I use Onionshare, where do I set this?

shp0ngle4y ago· 8 in thread

> The first benefits are authenticity and availability: if you are running Tor Browser and if you click/type in exactly the proper Onion address, you are guaranteed to be connected to what you expect — or not at all.

What? Writing raw onion addresses is like writing raw IPv6 addresses. Nobody can remember then and check them.

What is easier

> https://nytimes.com

> ej3kv4ebuugcmuwxctx5ic7zxh73rnxt42soi3tdneu2c2em55thufqd.onion

nsotelo4y ago

You can use the onion location header[0] to redirect the user, as mentioned in another comment thread.

0: https://community.torproject.org/onion-services/advanced/oni...

sp3324y ago

That has all the problems listed. The header could be modified or the response blocked by anyone who could modify or block the plain HTTP(S) response.

rosndo4y ago

> you are guaranteed to be connected to what you expect — or not at all.

Exactly the same guarantees are also achieved by putting your clearnet address on HSTS Preload lists, or by writing https:// in front of the url on the users side.

kevincox4y ago

But then you are relying on the CA system which is a huge risk. A significant benifit of onion addresses is that The key is distributed with the address. So as long as you get the address over a secure channel you are safe.

With https you need to get the address over a secure channel and hope that no CAs are compromised. The secure channel might be easier (because you can quickly memozrize twitter.com) but to avoid the second you need some complicated and not officially supported certificate pinning.

1 more reply

shaky-carrousel4y ago

Neither. Either can be mistyped. Nobody enters addresses directly anymore. Either you google them or you get them from bookmarks.

shp0ngle4y ago

Yeah so in case of Tor, people use DDG which is the default. And DDG, being bad and handling SEO spam worse than Google, often returns wrong onion address. (Which happened to me several times.)

And you cannot really check if it's the correct one.

At least on regular net, you have a chance to spot nytime5 is fake.

Etheryte4y ago

It's very easy to think that things we do ourselves are universal because they seem so intuitive and natural for us. I for one type addresses from scratch all the time.

Jerrrry4y ago

Onion addresses that are mistyped are almost certainly an invalid address.

It is not possible to squat onion domains for typo errors like you can clearnet addresses.

Similar to bitcoin, one character swapped breaks the hash-checksum, making the address 99.99999999% likely to be invalid.

p4bl04y ago· 3 in thread

It is possible to advertise your .onion address and offer automatic redirect to it for Tor Browser users using the "Onion-Location" HTTP header. Example with my personal home page:

    $ curl -I https://pablo.rauzy.name/
    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Thu, 10 Mar 2022 14:04:44 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 2843
    Last-Modified: Sun, 23 Jan 2022 22:21:41 GMT
    Connection: keep-alive
    Onion-Location: http://c2fk5i7jqn7am7nfo7eb7hwrkclyj3jj4qcwgdh6ievp7v5ie4gd3mid.onion/

It would be interesting to try to see if the Tor Browser has a TOFU policy and warn its user if the onion address change after they visited the site once.

If it is the case then you combine the ease of access of typing a normal domain name and the Onion security through an HSTS equivalent mechanism.

kingcharles4y ago

Is there some sort of attack possible here where you could hand out unique onion addresses to each visitor, so when they connect with Tor you could fingerprint their Tor connection and match it to their cleartext connection? *takes off his black hat*

hpcoke4y ago

No, since the redirect only works in the Tor Browser, in which case the cleartext connection is still a Tor connection.

p4bl04y ago

Doing so you would only identify Tor exit nodes.

bawolff4y ago· 3 in thread

I think the only legit reason (assuming your clearnet site is using HSTS) is that .onion site reduces the risks of users screwing up. And i suppose better performance if you don't have to use exit bandwidth (i would guess, dont actually know)

Users are bad at security. If they fail to set up tor, .onion links don't work, so it acts as a barrier against users shooting themselves in the foot.

This is counterbalanced by higher phishing risks.

rosndo4y ago

> This is counterbalanced by higher phishing risks

I would argue that this is the much bigger footgun for users. Just look at how much money darknet users are losing to the big industry of .onion phishing pages.

bawolff4y ago

Its a fair argument. I think incorrect tor setup is a bigger risk for things like securedrop leaker stuff, where it is likely the first and only time the user will use TOR.

1 more reply

moltke4y ago

It's good motivation to start using client certs instead of passwords.

rosndo4y ago· 3 in thread

Most of the technical points listed here are pretty much entirely mitigated by TLS. Exit nodes can of course deny access to specific sites, but hidden services suffer from comparable (or worse) issues.

There are no other practical attacks that malicious exit nodes could execute against sites using TLS and HSTS preload lists. If you’re a website administrator, fixing those things should be your priority before implementing onion addresses.

Onion addresses also come with slight drawbacks. They’re difficult for users and more vulnerable to phishing. Hidden services are also extremely vulnerable to CPU-based DoS attacks.

egberts14y ago

But, but … BUT TLS man-in-the-middle at exit node isn’t fully mitigated … UNLESS TLS Client mode is used as well.

We all should know how infrequent this TLS Client mode get evoked, right, right? Yeah, righto.

rosndo4y ago

What real attacks would that enable?

bawolff4y ago

Wat? That's not true (i assume by client mode you mean client certificates aka mutual-tls)

1 more reply

linuxandrew4y ago· 2 in thread

I think the avoiding exit nodes part is probably the most important to me. Exit nodes have always been problematic - from memory about 20% of relays have an exit flag but most of the traffic is directed to the most performant relays. Tor actively discourages using the network for file sharing because of the exit node bottleneck.

I think there are probably some uses of the Tor network that aren't fully realised yet - file sharing (something similar to I2P) which avoids the exit node using onion addressing and chat applications (like Briar which uses onion addresses, or Secure Scuttlebutt).

As for web traffic, it is nice to offer an onion address. I wonder if websites could offer an "upgrade" to onion addresses, similar to how IPFS does?

bauruine4y ago

Yes there is the onion-location http header to upgrade from clearnet to .onion [0]

[0]: https://community.torproject.org/onion-services/advanced/oni...

Asan14y ago

The Tor network has 1Tbps+ of real exit capacity available, real usage is a small fraction of that.

Exit capacity as a significant bottleneck has not been a realistic issue for many years.

nonrandomstring4y ago· 2 in thread

I think some comments here are misunderstanding the intent of the article. For those saying TLS already solves... it is not advocating Tor as a replacement for transport layer security, indeed most Tor users also use TLS (and site certs) with little overhead.

No, the article is asking how you could, as a website owner, make things easier on Tor users and yourself! It starts with the assumption that you care, and want to help users who require better privacy.

It answers, though not in detail, the many HN readers who invariably post replies concerning Tor that "All my abuse comes through Tor".

Creating an .onion address mitigates that significantly.

tempestn4y ago

I'm not clear from the article how having an onion address helps website operators who receive abusive traffic through Tor. Perhaps some of that abusive traffic will come in via the onion address instead, but presumably such an operator will want to continue serving their regular site to Tor exit nodes as well, so I don't see how it would actually mitigate anything, nor make the malicious traffic easier to segregate from valid traffic over Tor. What am I missing?

nonrandomstring4y ago

> I'm not clear from the article how having an onion address helps website operators who receive abusive traffic through Tor.

No, it's not clear. Also "abusive traffic" is vague. Are you mainly concerned with shitposters, trolls, DOS attacks?

> What am I missing?

Maybe you're not missing it, but essentially it's a behavioural/social rather than technical challenge. Most abusers, ones that technical changes can address, operate at scale over HTTP/S and use Tor simply as a free VPN via regular exit nodes to hide their IP. The author calls this the "Wheat/chaff problem". Viewed this way, it's easiest for a site owner to just block all of Tor and kill all legitimate users too.

Most of those bulk abusers cannot be bothered to deal with marginal cases like using an overlay network with .onion addresses whereas those who _need_ Tor are highly motivated.

Other kinds of abusers, like persistent troll posters, are better dealt with by other means even if you're using HTTP/S.

1 more reply

noname1204y ago

This article beats around the bush but never explains why Onion addresses solve these issues.

From Wikipedia:

> Addresses in the onion TLD are […] automatically generated based on a public key when an onion service is configured.

> 256-bit ed25519 public key along with a version number and a checksum of the key and version number

That's all you need to know.

Sami_Lehtinen4y ago

> “.onion” address demands that the person is using a TorBrowser

Actually this is not true. Tor runs as SOCKS5 proxy, and you can use any browser or application with it.

JulianMorrison4y ago

Hiding the server IP is probably quite important when you want to get around nation states trying to blockade factual information.

djdjfhsje33edh4y ago

Another good reason is that Twitter launching an onion address has given Tor a lot of positive press in the mainstream media for a change.

_8j504y ago

Heh. An article for a two word answer: Tor exits.

Tepix4y ago

One reason that i haven't mentioned today is forcing users to use tor by only publishing a .onion address.

moltke4y ago

It's much harder to deanonymize people who are connecting to hidden services because they don't have to use exit relays which are often illegal to run.

j / k navigate · click thread line to collapse

130 comments

62 comments · 15 top-level

nextaccountic4y ago· 15 in thread

> Using onion services mitigates attacks that can be executed by possibly-malicious “Tor Exit Nodes” — which, though rare, are not nonexistent

stingraycharles4y ago

It’s not even about three letter agencies; many exit nodes are being scanned for passwords, if you happen to go through http instead of https.

Here’s research conducted years ago about this matter: https://www.vice.com/en/article/mgbdwv/badonion-honeypot-mal...

Effectively they set up a honeypot and used clear text passwords to log in, and plenty of exit nodes picked up on this and those credentials were later used to (attempt to) log in into the honeypot.

conradev4y ago

I will also point out that even if they are only observing ciphertext, they can still glean a lot:

http://web.cs.wpi.edu/~claypool/papers/yt-crawler/final.pdf

thealig4y ago

the article talks about the research stumbling upon exit nodes performing MITM and other sniffing but does not refer to the exact details. is there a paper for this?

only found this paper going over systematic process of exposing bad relays - http://www.cs.kau.se/philwint/spoiled_onions/pets2014.pdf

3 more replies

Stevvo4y ago

RL_Quine4y ago

bauruine4y ago

[0]: https://support.mozilla.org/en-US/kb/https-only-prefs

2 more replies

heavyset_go4y ago

Even if every exit node in the US is operated by private people or organizations, courts can compel the node owners to work with the government and not talk about it.

MichaelBurge4y ago

Courts can't compel you not to talk. They can merely punish you after-the-fact.

1 more reply

bauruine4y ago

Can you just shutdown your nodes or can they force you to continue? Best practice for relay operators is to just stop the operation altogether if the authorities force you to attack the users.

1 more reply

nix234y ago

I know this is possible for organizations in the US, but for private persons too?

TuringTest4y ago

Aren't there warrant canaries set up to prevent this? Every website that can be compelled to behave that way should have one.

2 more replies

idontwantthis4y ago

What does compromising the exit do? I thought the layering means you would need to compromise the entire path to do anything.

foxfluff4y ago

Exit node is where the tor-encrypted path ends and traffic goes to the clearnet.

1 more reply

ufmace4y ago

Because it switches over to the clearnet there, the operator could do stuff like intercept non-https traffic or use a malicious DNS to attempt to MITM https traffic.

bawolff4y ago

Or just use HSTS. Problem solved.

bauruine4y ago· 11 in thread

[0]: Search for HiddenServiceSingleHopMode on https://2019.www.torproject.org/docs/tor-manual.html.en or just use the following config options

SOCKSPort 0

HiddenServiceNonAnonymousMode 1

HiddenServiceSingleHopMode 1

stingraycharles4y ago

For my understanding, usually establishing a connection with a hidden service involves two separate Tor circuits: one circuit for the visitor, but another full circuit for the hidden service.

zekica4y ago

That is correct, but note that not all tor nodes are exit nodes, so latency will be increased but troughput may even be better.

1 more reply

bauruine4y ago

Yes that's correct.

ycuser24y ago

I'm using Tor to access my local network services through hidden services. Since I don't need to hide my IP address I'm going to follow your advice gratefully. Didn't know that's possible.

_wldu4y ago

2 more replies

steerablesafe4y ago

Any reason you don't use some kind of VPN solution for that instead?

2 more replies

danuker4y ago

You are not just reducing load, you are also reducing anonymity for other participants. The extra hops make it harder to analyze the data overall.

bauruine4y ago

goodpoint4y ago

Citation needed!

Any timing correlation attack carried on against entry and exit nodes is independent from the number of hops.

Terry_Roll4y ago

The Road network and internet have an awful lot in common!

brnt4y ago

If I use Onionshare, where do I set this?

shp0ngle4y ago· 8 in thread

What? Writing raw onion addresses is like writing raw IPv6 addresses. Nobody can remember then and check them.

What is easier

> https://nytimes.com

> ej3kv4ebuugcmuwxctx5ic7zxh73rnxt42soi3tdneu2c2em55thufqd.onion

nsotelo4y ago

You can use the onion location header[0] to redirect the user, as mentioned in another comment thread.

0: https://community.torproject.org/onion-services/advanced/oni...

sp3324y ago

That has all the problems listed. The header could be modified or the response blocked by anyone who could modify or block the plain HTTP(S) response.

rosndo4y ago

> you are guaranteed to be connected to what you expect — or not at all.

Exactly the same guarantees are also achieved by putting your clearnet address on HSTS Preload lists, or by writing https:// in front of the url on the users side.

kevincox4y ago

1 more reply

shaky-carrousel4y ago

Neither. Either can be mistyped. Nobody enters addresses directly anymore. Either you google them or you get them from bookmarks.

shp0ngle4y ago

Yeah so in case of Tor, people use DDG which is the default. And DDG, being bad and handling SEO spam worse than Google, often returns wrong onion address. (Which happened to me several times.)

And you cannot really check if it's the correct one.

At least on regular net, you have a chance to spot nytime5 is fake.

Etheryte4y ago

It's very easy to think that things we do ourselves are universal because they seem so intuitive and natural for us. I for one type addresses from scratch all the time.

Jerrrry4y ago

Onion addresses that are mistyped are almost certainly an invalid address.

It is not possible to squat onion domains for typo errors like you can clearnet addresses.

Similar to bitcoin, one character swapped breaks the hash-checksum, making the address 99.99999999% likely to be invalid.

p4bl04y ago· 3 in thread

It is possible to advertise your .onion address and offer automatic redirect to it for Tor Browser users using the "Onion-Location" HTTP header. Example with my personal home page:

    $ curl -I https://pablo.rauzy.name/
    HTTP/1.1 200 OK
    Server: nginx/1.14.2
    Date: Thu, 10 Mar 2022 14:04:44 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 2843
    Last-Modified: Sun, 23 Jan 2022 22:21:41 GMT
    Connection: keep-alive
    Onion-Location: http://c2fk5i7jqn7am7nfo7eb7hwrkclyj3jj4qcwgdh6ievp7v5ie4gd3mid.onion/

It would be interesting to try to see if the Tor Browser has a TOFU policy and warn its user if the onion address change after they visited the site once.

If it is the case then you combine the ease of access of typing a normal domain name and the Onion security through an HSTS equivalent mechanism.

kingcharles4y ago

hpcoke4y ago

No, since the redirect only works in the Tor Browser, in which case the cleartext connection is still a Tor connection.

p4bl04y ago

Doing so you would only identify Tor exit nodes.

bawolff4y ago· 3 in thread

Users are bad at security. If they fail to set up tor, .onion links don't work, so it acts as a barrier against users shooting themselves in the foot.

This is counterbalanced by higher phishing risks.

rosndo4y ago

> This is counterbalanced by higher phishing risks

I would argue that this is the much bigger footgun for users. Just look at how much money darknet users are losing to the big industry of .onion phishing pages.

bawolff4y ago

Its a fair argument. I think incorrect tor setup is a bigger risk for things like securedrop leaker stuff, where it is likely the first and only time the user will use TOR.

1 more reply

moltke4y ago

It's good motivation to start using client certs instead of passwords.

rosndo4y ago· 3 in thread

Onion addresses also come with slight drawbacks. They’re difficult for users and more vulnerable to phishing. Hidden services are also extremely vulnerable to CPU-based DoS attacks.

egberts14y ago

But, but … BUT TLS man-in-the-middle at exit node isn’t fully mitigated … UNLESS TLS Client mode is used as well.

We all should know how infrequent this TLS Client mode get evoked, right, right? Yeah, righto.

rosndo4y ago

What real attacks would that enable?

bawolff4y ago

Wat? That's not true (i assume by client mode you mean client certificates aka mutual-tls)

1 more reply

linuxandrew4y ago· 2 in thread

As for web traffic, it is nice to offer an onion address. I wonder if websites could offer an "upgrade" to onion addresses, similar to how IPFS does?

bauruine4y ago

Yes there is the onion-location http header to upgrade from clearnet to .onion [0]

[0]: https://community.torproject.org/onion-services/advanced/oni...

Asan14y ago

The Tor network has 1Tbps+ of real exit capacity available, real usage is a small fraction of that.

Exit capacity as a significant bottleneck has not been a realistic issue for many years.

nonrandomstring4y ago· 2 in thread

It answers, though not in detail, the many HN readers who invariably post replies concerning Tor that "All my abuse comes through Tor".

Creating an .onion address mitigates that significantly.

tempestn4y ago

nonrandomstring4y ago

> I'm not clear from the article how having an onion address helps website operators who receive abusive traffic through Tor.

No, it's not clear. Also "abusive traffic" is vague. Are you mainly concerned with shitposters, trolls, DOS attacks?

> What am I missing?

Most of those bulk abusers cannot be bothered to deal with marginal cases like using an overlay network with .onion addresses whereas those who _need_ Tor are highly motivated.

Other kinds of abusers, like persistent troll posters, are better dealt with by other means even if you're using HTTP/S.

1 more reply

noname1204y ago

This article beats around the bush but never explains why Onion addresses solve these issues.

From Wikipedia:

> Addresses in the onion TLD are […] automatically generated based on a public key when an onion service is configured.

> 256-bit ed25519 public key along with a version number and a checksum of the key and version number

That's all you need to know.

Sami_Lehtinen4y ago

> “.onion” address demands that the person is using a TorBrowser

Actually this is not true. Tor runs as SOCKS5 proxy, and you can use any browser or application with it.

JulianMorrison4y ago

Hiding the server IP is probably quite important when you want to get around nation states trying to blockade factual information.

djdjfhsje33edh4y ago

Another good reason is that Twitter launching an onion address has given Tor a lot of positive press in the mainstream media for a change.

_8j504y ago

Heh. An article for a two word answer: Tor exits.

Tepix4y ago

One reason that i haven't mentioned today is forcing users to use tor by only publishing a .onion address.

moltke4y ago

It's much harder to deanonymize people who are connecting to hidden services because they don't have to use exit relays which are often illegal to run.

j / k navigate · click thread line to collapse