A Privacy-Preserving Longevity Study of Tor's Hidden Services
share
Tor and hidden services have emerged as a practical solution to protect user privacy against tracking and censorship. At the same time, little is known about the lifetime and nature of hidden services. Data collection and study of Tor hidden services is challenging due to its nature of providing privacy. Studying the lifetime of hidden services provides several benefits. For example, it allows investigation of the maliciousness of domains based on their lifetime. Short-lived hidden services are more likely not to be legitimate domains, e.g., used by ransomware, as compared to long-lived domains. In this work, we investigate the lifetime of hidden services by collecting data from a small (2 on the data collected, we devise protocols and extrapolation techniques to infer the lifetime of hidden services. Moreover we show that, due to Tor's specifics, our small subset of HSDir relays is sufficient to extrapolate lifetime with high accuracy, while respecting Tor user and service privacy and following Tor's research safety guidelines. Our results indicate that a large majority of the hidden services have a very short lifetime. In particular, 50 of all current Tor hidden services have an estimate lifetime of only 10 days or less, and 80
READ FULL TEXT