TOR Hidden Services - Computerphile

The thing I like about this guy is that I get it, and it all makes sense in one pass. He's got a gift.

Can this guy just take over the channel, I think its about time...

These professors on Computerphile are just amazing. I wish I would have had the oportunity to learn from people like these when I was in uni.

"Facebook is trying to protect their customer" - *laughs in 2018*

Just stumbled on this channel. Really like the way this guy explains things. Really clear, really concise. Also really like that he draws things out on mainframe printer paper. Takes me back.

Every time I see Dr Mike Pound in my subscription feed, I have watch the video

You guys should make a video telling people how you can be identified even if you are trying to be anonymous. He talked about data trafficking correlation, but there are other things that can identify you. Something very mundane, like the resolution you use, the browser etc.

I don't even use TOR, but damn, it's design is clever and interesting. Good job on the videos!

This dude is my favourite on Computerphile. He's one step away from being a criminal mastermind

_uses two colors_
well im out of colors, so im going to use a third color, orange.
oh, ok

"It's Facebook, we know where their server is. Their business is protecting their customers."
AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

What I want to to know is where this dude got the nostalgic stripy green fanfold tractor-feed paper that doesn't even look yellowed?? I remember when "backup" meant dumping your data onto 137 boxes of that stuff. [cough wheeze creak]

"Stuff happens here, encrypted stuff..."

I’m so sick of Facebook and that’s why I deleted my account. I couldn’t be happier and should’ve done it years ago.

the best feature of tor hidden services to me is NAT punching. it basically allows a user to have a pc behind a NAT and still have a .onion address to SSH it. this is amaizing.

You guys should do a video on some of the weakness of TOR that have come out in the past year!

Seven words:
Professor Brailsford, Tom Scott and Mike Pound
Like if you agree!

An episode about firewalls would be awesome.

He is right; i found Onion cookies recipe in the deep&dark web. Excellent video, thank you

All these onions are making me cry

I think it's interesting how Facebook is embracing Tor users while other sites deny service to them altogether.

It seems like the main drawback is that an attacker with large servers could populate the node list with thousands or more of nodes, track down regular users, and hit them with a denial of service for a short window to control all traffic passing through the network, and easily sniff users out.

I'd love a video on the fall of silk road and transaction malleability. Keep up the great videos!

I am not an expert in cryptograph/security, but I am quiet well versed in distributed systems. It would seem to me that the key to hidden services is that the server hosting the service operates using TOR cells (packets? not sure on nomenclature here). Since the cells are all the same size and encrypted, it becomes infeasible using simple/traditional means to correlate data packets at the destination to those from a client origin. Without hidden services the destination servers will have traditional IP packets that are susceptible to correlation using data size and timing techniques. Is this a correct interpretation of hidden services?
The introduction points, DHT, onion address, etc. all seem like a cryptographic replacement of DNS with a method to bridge two TOR circuits. That, in itself, doesn't seem like it provides the extra anonymity of the hidden service.

Wonder if they ever will do episode on computerphile of why Tor browser suggests it not be opened to full screen or it can be tracked. How can opening the tor browser to full window be possibly be used to track someone?

Does this guy have his own channel?

I'm not an informatic and I won't ever know how to actually make all the things he says, but just understanding all of this is very fun and informative.

Another amazing video. Do you know the details about how Silk Road was taken down?

Is there any way that you can open the auto-captions in videos? Sometimes it is harder to understand with the accent if you are not the native speaker.

As for 01:09, even if someone is sniffing A and B, they can't prove that B is A because B's source IP is of some machine the the TOR network. Unless you follow through all the nodes A used to B, you can't show they are connected. Correct me if I'm wrong.

I see you found something to do with those reams of dotmatrix paper... :)

Been wondering how it worked for some time now and was too lazy to search. This video is gold

"is TOR worth the criminality that is on there and so on" is the same argument governments make eroding fundamental rights in the name of terrorism. If your moral compass is based on legalities I'd suggest you have chosen a poor foundation. Let me re-frame your statement: is it worth letting the law diminish your fundamental right to choose how to live your life (non aggression principle withstanding)?

I'm not sure if you guys do this or not, but could you do a video about Kali Linux/Kali Nethunter and penetration testing, and perhaps a video about DNS queries and how OSs like TAILS and Whonix allegedly prevent DNS leakage? I know I'm asking for quite a bit of content here... Just thought I'd ask and see what I get. Lol. Thanks for all the great videos. They've been greatly informative as I endeavor to learn more about networking and programming.

Yet another great overview!

00:17
"A lot of what happens... is illegal"
Yeah, like entrapment❗

All of that is a debate based on nonsensical assumptions.
"Is Anonymity worth Criminality?" makes no sense, you cannot get rid of the criminality anyway.

It’s a crying shame that with the way things are going with device and software manufacturers, web services and trackers, and all out privacy invasion from government entities these days that in order to even get a resemblance of privacy and security, one actually needs to go down this rabbit hole to even start protecting their rights and dignity... A crying shame...

Onionymous services

Please make a video about h265 and h264.
I understand that h265 is more efficient? and should give a better quality at the same bitrate..
but which has better quality 2.6GB h264 1080p or 580MB h265 1080p?

Couldn't a nation state create an extraordinarily large number of Tor nodes on the cloud and monitor them all? Wouldn't that increase the odds of being able to track Tor users? If a nation state created 10,000 virtual PC based Tor nodes would that increase tracking potential? How about 50,000 nodes scattered all over the world? If the nation state could monitor all of them does this increase their chances of tracking Tor traffic and capturing data streams?

Shout-out to Ross Ulbricht

I just installed Tor on my phone and now getting this video recommendation.

clear video👌

This channel provides a better education than my computer science degree smh

I literally fell asleep to this. not in a bad way at all. it calms me

0:53 I haven't seen that paper in a long time. Great explanation. Thanks,

Had no clue this much was going on with Tor. Didn’t really know what was going on at all before this.

This was really well articulated thank you

I love Tor for stuff that i can't gain access to (10 percent), while (95percent) of the stuff i reguarly have access to on the daily i use my other daily browsers are my Chrome browser and MSFT Edge.

I would be appreciate if you made a video about I2P and Freenet too.

I know next to nothing going into this, so forgive my ignorance with this question.
You've said that if someone had control of the initial entry point into the network and the final exit node, that they could decode the information they wanted (right?).
Some quick Google-fu leads me to believe there are less than 1000 exit nodes currently in operation.
What's to stop, say, the NSA from generously starting up another 1000 exit nodes of their own, giving them a 50% chance of having control over any given exit node? Thereby effectively eliminating that second requirement and leaving them only with a need to sniff around at the initial entry point.
Again, forgive me if I've completely misunderstood something (or several things).

best books for networking and cloud computing ?

The more I think about hidden services and the more it appears that it's in effect a virtual drug dealer network. There are people trying to buy (clients), people producing and selling (servers), people that redistribute the drug (dealers, here introduction points), and then rendez-vous places where to buy the drug. It's really amazing to see it that way, it makes perfect sense lol.

Computerphile can you please add subtitles? English is not my first language and I find some of your videos tough to comprehend.

Is there something in place that prevents the IP and the RP from being the same router?

This video when over my head.

i love this channel.

this guy has the most soothing voice

W00t thanks for this follow-up as we requested!!!

Can you make a video explaining the math behind onion routing?

Somewhere out there someone is having a fit because the title says TOR instead of Tor.

Unrelated, but I think it's very interesting that he writes left-handed, but uses a mouse in the right hand. Most likely this isn't his desk or office, but if any lefties out there have any insight or reasoning to this, reply! I'm curious. (also note the amount of fingerprints on the right side of the monitor, egregious as touching a screen may be)

5:10 or a pastebin document publishing a big fat list of them (but usually only sharing the doc with a certain group), as is the case for some services

An easier way to break down what this guy is saying. A client(the user on a computer) makes a request to send packets to a server over the internet. Lets say there is three routers(A,B,C) that the packets have to go thru in order to get to the service. Client -> Router A(Router A knows the packets came from the client. Now Router A will "peel back the information that the packets came from the client"). Now the packets are at Router B(Now Router B will "peel back the information that the packets came from A"). Then router C does the next thing. These routers are picked completely at random in the Tor network. The whole time that the packets are traveling to the service, none of the routers have the ip address destination of the service. In addition, the nodes(aka the routers) do not record the path that the packets traveled in , adding to its anonymity. An Onion address is how the packet gets there.

I would like to see a video about pluggable transports and how they work

You made a small mistake ._.
The RP doesn't connect to one of the introduction points, it only
receivces the one time secret at the beginning. Afterwards the client
sends the one time secret and the address of the RP to an introduction
point, encrypted with the public key of the server, through a tor
circuit. The introduction point sends the package to the server, which
connects through a new circuit, but with the same Guardian Node to the
RP and tells it the secret.
The rest of the video should be correct.
(check the torproject docs, if you don't believe me)

Thank you for all the services you provide free of cost and it is not even hidden :P

Could you randomly divide the traffic (every 8,16 or 24 bits) between 3 different, unconnected circuits?

"It's Facebook, we know where the servers are" that did not age well (4th of october, 2021)

Awesome channel, especially this guy do explanation so easy.

I like the ghost cube up on the shelf.

So when do we get an I2P video?

Wouldn't these hidden servers have more traffic, giving away the fact that something is going on?

I would love to watch this guy have a conversation about TOR with Eli the computer guy. That would be interesting :)

5:30 - Until recently? So it means now there's an easy way of finding secret services?

Was Facebook's Involvement with TOR a cause of the sort of recent lawsuit?

You can deduce the video's progress just by measuring the amount of marker there is on Dr Mike's hands

thanks. exited with the content of your channel , am a big fan.
....please i wish to ask ,are websites on the dark web coded with normal web languages???.

Tor's hidden services are alright, but how about a video or two about I2P which is designed for "hidden services" instead of browsing the clearnet anonymously like Tor was designed for?

Maybe talk about Hyperboria/CJDNS next?

Maybe I didn't get this right, but with the single union facebook example you described, coulnt someone theoreticaly still sniff at the entry node and exit node to do a corilation based attac, since the exit node can know the identity of the server?

What if the introduction point is compromised?

How can the dark web be so bad if people are just sharing "cookies"?

With the in→out thing be possible to counteract by random padding going in that is dropped at the last node before being sent out, making it harder to correlate the two?

Who captioned this? 10:18 is complete garbage.

Since when is Facebook, the data-mining king, concerned with client anonymity?

Another missleading video where they say correlation attacks cant be done might wanna use google once in a while because that should be common knowledge for anyone using tor that correlation attacks can work and have done so in the past. (Atleast he pointed out that tor is mostly used for good not bad thats a start)

Why you need 3 nodes between RP and S? 2 nodes would work as well, didnt it?

2:22 and there goes a tree, "Timber!"

That seemed safe with so many layers of anonymity and encryption. Unlike to what happens on a normal web. We would be throwing out much more info on a normal web than on dark web then why is it so that dark web is considered to be much more unsafe to browse than normal web?

What is the point of having "anonymous" Facebook, since the second you log on with your user name they know who you are?

I love your videos Mike! *hugs*

i think i asked this in the comments to his last video about onion routing but since it didn't get an answer I'm gonna ask it again here: to avoid the danger of someone correlating traffic going into and coming out of the TOR network, could you build into the protocol that the client node adds a random number of dud packets that are taken out while being passed on in the TOR network, and within the TOR network more dud packets are added? Shouldn't this completely screw up any chance of being able to correlate traffic? Wouldn't this advantage be even better if the client and server knew to delay random packets by a random amount of time as well?

His repeated point about if you log in to anything when on TOR, then the point is deafeated - actually, no. Say we're talking about the Silk Road, and you use TOR to go on there and login. They're gonna know that user "Byte387" has logged in, and they're gonna know that that user is doing whatever it is, but they're not gonna know who *you* are - not your real name or your location etc.
That's the point of all this. You're completely hidden behind the username, and it's gonna be very hard for anyone else to figure out what that username's real name is.

If you set up two onion routers yourself, isn't there a teeny tiny chance that there could be an encrypted message sent between them, and therefore they possess the encryption key to decrypt that message? Or if you had 6 of them, an even teenier tinier chance that you'd possess all 6 to decrypt them.
Not a computer scientist or anything, but with more thought: if you had a huge bank of routers - like say, you were the NSA developing the onion router network - that were able to communicate both as routers and to observe the traffic in and out of each individual router (without compromising it), could you set up something to observe the huge network and matching keys sent with keys received between units (no decryption necessary, just matching), occasionally possessing all 6 communicating nodes of traffic for a connection and therefore being able to track both the server and user side from the first and last node?

Does that hidden server cycle its introduction points inside of this onion cloud? Or does it not need to?
And are they manually picking these points or is it part of the TOR protocols? Are they able to pick them?

Where can I read more about Facebook's integration?
Is this just something an `.onion` service can choose to do - connect directly to rendezvous node?

Are those printer papers from the 80's?

So could a hidden service become so popular, it become un-hidden but still provide anonymity.