*"Our approach involves injecting malicious Monero Tor hidden service nodes into the Monero P2P network to correlate the onion addresses of incoming Monero Tor hidden service peers with their originating transactions.

And by sending a signal watermark embedded with the onion address to the Tor circuit, we establish a correlation between the onion address and IP address of a Monero Tor hidden service node."*

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 5 months ago* (last edited 5 months ago)

interesting stuff, thanks for the info.

also did you see this in the paper?

In Timed Sync Response messages from a Tor client node to its outgoing hidden service peers, the last address in peer list is certainly different between different Timed Sync Response messages because only unshared onion addresses are sent. On the other hand, all Timed Sync Response messages from a Tor hidden service node to its outgoing hidden service peers have the same the last onion address in peer list, which is always its own onion address. Therefore, the repetition of the last address of Timed Sync Response messages from a Monero Tor hidden service node to its outgoing Monero Tor hidden service peers can be exploited by an attacker to identify incoming Monero Tor hidden service peers from incoming Monero Tor client peers and obtain its onion address.

is this a bug or a feature? have you spoken to anyone in the tor community about this? is there a going to be a mitigation for this? this seems concerning, yet I've seen no one talk about, which is even more concerning.

Edit: my bad, I forgot this is a Monero thing lol, not a TOR node thing