
Unprecedented Spike In TOR .Onion Nodes

Martin S. writes: The Tor project is reporting an unprecedented rise in unique .Onion nodes, rising from around 40k to 60k in just a few days, says security researcher Professor Woodward. I wonder if this could possibly be related to Shari Steele's plan to push Tor mainstream, as reported on /. a few days ago.

  • Duh (Score:5, Insightful)

    by Anonymous Coward on Saturday February 20, 2016 @04:22AM (#51547441)

    More FBI nodes to more easily de-anonymize the network.

    • More FBI nodes to more easily de-anonymize the network.

      My first thought. That's half as many added in a few days - something's fishy.

    • by gweihir ( 88907 )

      Standard paranoia and standard cluelessness: .onion-nodes do not help for that at all.

  • Sites, not nodes (Score:5, Informative)

    by Anonymous Coward on Saturday February 20, 2016 @05:04AM (#51547533)

    The number of hidden services (.onion sites) has increased, not the number of exit or relay nodes.

    Personally, I don't see 20k more hidden services as a big number: I'm surprised there are so few total (60k). Tor hidden services are a great way to run a server with a dynamic IP address and solve NAT and firewall issues all at once for free when trying to run a personal server. It also solves several other problems people generally care less about (hides your IP to prevent traffic DDOS attacks, and protects your identity), provides an easy mechanism to have multiple servers serving the same address for redundancy, provides end-to-end encryption (if the client is also using tor) and makes your service more accessible to clients using TOR (they don't have to go through an exit node).

    Tor hidden services are great for low-bandwidth, latency-tolerant random services you might want to serve off your laptop or phone from time to time. I found it easier to set up than most alternatives for solving any one of these issues: I set up a tor hidden service on the first try with no issues. It was easier than getting my dynamic DNS working, and also easier than forwarding a port through my router. (You can host a tor hidden service without port forwarding since all the connections the server makes are actually outward to the proxy nodes).

    Really I think the only big issue with them is the latency, and lack of IPv6 support. On that note, I recently had an IPv4 outage for a while and it was interesting to see what worked on IPv6 only.

    • Re:Sites, not nodes (Score:4, Interesting)

      by Anonymous Coward on Saturday February 20, 2016 @08:00AM (#51547833)

      How does the Tor swarm work anyway when most people don't have open ports for listening? Btw I'm posting this from Tor, kudos to Slashdot for allowing it when most sites are a PITA to use from Tor.

      • Re: (Score:2, Informative)

        by Anonymous Coward

        As with any TCP/IP connection, only one side of each connection needs to be listening. In the case of TOR, the user doesn't need any open ports, only the relays need to have open ports. The major misunderstanding I've seen of TOR (especially recently) is that it isn't a "swarm" in the sense that not every user is a relay and even fewer are exits; you have to specifically enable those settings.

    • by Anonymous Coward

      Hmm, I think Retroshare is even better for a personal server. Retroshare will even reconnect to mobile computers.

  • Encryption trojans (Score:5, Interesting)

    by Anonymous Coward on Saturday February 20, 2016 @05:12AM (#51547543)

    There's a recent spike in encryption trojans, too. The recovery-keys are provided through TOR.

    Looks like it's generating specific servers to get the keys from for every victim.

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Yes, I have seen this trojan twice last week, in different companies; sure that the increase of Tor's nodes comes from that.

    • by Anonymous Coward

      Yes, Dr. Woodward did mention the Locky ransomware in his blog post. He also mentioned on Twitter that these new onions also seem to have started shutting down shortly after the media buzz revealed it. Funny that...

    • That is definitely what I would attribute the spike to. Who else would have the motivation to basically suddenly open 20,000 new websites as hidden services? Ransomware writers! And they all have the motivation and resources.
  • by PolygamousRanchKid ( 1290638 ) on Saturday February 20, 2016 @05:28AM (#51547573)

    . . . that they sold and delivered a 20K server to the NSA . . .

  • by WoOS ( 28173 ) on Saturday February 20, 2016 @05:42AM (#51547585)

    According to TFA (yes, I know, I am not supposed to read it) this could be caused by the anonymous messaging application Ricochet, which apparently creates a hidden service for each user.
    Would have expected that that information was mentioned in the summary.

  • Sceptical old me (Score:4, Interesting)

    by liqu1d ( 4349325 ) on Saturday February 20, 2016 @07:02AM (#51547725)
    This reads more of an ad for Ricochet than anything substantial.
  • []

    This is probably the safest way to use Tor.

  • Government spying nodes.
