TOR Hidden Services - Computerphile
The Dark web allows users to hide services using TOR, but how? Dr Mike Pound explains.
Onion Routing: • How TOR Works- Compute...
The Perfect Code: • The Perfect Code - Com...
Max's Deep Web Video : • Web vs Internet (Deep ...
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computer Science at the University of Nottingham: bit.ly/nottscomputer
Computerphile is a sister project to Brady Haran's Numberphile. More at www.bradyharan.com
Пікірлер: 738
The thing I like about this guy is that I get it, and it all makes sense in one pass. He's got a gift.
@minimoto2883
5 жыл бұрын
It's because he's English hehe
@meeluangkhot7086
3 жыл бұрын
@@minimoto2883 ห
@meeluangkhot7086
3 жыл бұрын
หนังเรื่องใหม่
@meeluangkhot7086
3 жыл бұрын
@@minimoto2883โอเวอร์
@meeluangkhot7086
3 жыл бұрын
@@minimoto2883 เส้นเลือดข
Can this guy just take over the channel, I think its about time...
@cheeseguy7269
7 жыл бұрын
agreed xd
@xPROxSNIPExMW2xPOWER
7 жыл бұрын
still does't mean he can't take over the channel lol
@SteveUrlz
7 жыл бұрын
++
@endrigolloshi493
7 жыл бұрын
He can't. He has knowledge for some things, but not all.
@xPROxSNIPExMW2xPOWER
7 жыл бұрын
having a PhD in Computer Scince, aren't you required to know pretty much everything and keep yourself updated on the new theories and papers since he is doing research, or am I mistaken
"Facebook is trying to protect their customer" - *laughs in 2018*
@keinunvergebenesaliasgefunden
5 жыл бұрын
But isn't Goldman Sachs their main customer?
@nelsonjimenez7939
5 жыл бұрын
Liberals will get angry
@nils_r
4 жыл бұрын
Facebook is trying to protect their data, from other data horders
@yohaneschristianp
3 жыл бұрын
Facebook: We care about you, your data 2020
@srulizuckerman7212
3 жыл бұрын
Just wait til 2020 😂
These professors on Computerphile are just amazing. I wish I would have had the oportunity to learn from people like these when I was in uni.
_uses two colors_ well im out of colors, so im going to use a third color, orange. oh, ok
@Houdini111
7 жыл бұрын
That orange was a highlighter. The others were markers.
@carrotman
7 жыл бұрын
*colour
@PleasestopcallingmeDoctorImath
7 жыл бұрын
Carrotman no. im canadian and its or for me. has saved and will continue to save countless seconds
@lubomirsalgo7638
7 жыл бұрын
Doctor Robotnik, I like your use of countless :)
@carrotman
7 жыл бұрын
You're quoting an English man. So would it count as a translation?
"It's Facebook, we know where their server is. Their business is protecting their customers." AHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA
@Cynderfan35
4 жыл бұрын
"wait you are serious?" *bender laughs even harder*
@ClassifiedPerson
3 жыл бұрын
I am the product😑
@jessicablack5306
2 жыл бұрын
Since I downloaded Tor the browser has links saying that people should stop using Facebook and other similar apps. Again that came from a few places on Tor.
@MrTylersmash
2 жыл бұрын
@@jessicablack5306 well yeah everyone should be saying that, Facebook is horrible with how invasive they are, in Australia there's already videos up of police with papers in their hands and those pages have the persons Facebook information they're using it to justify arrests now. Also if you use any Amazon products like Alexa, hook up your Alexa to your computer and browse the files, you might not know it but there's numerous files being made of recordings of you, even when it's off.
Every time I see Dr Mike Pound in my subscription feed, I have watch the video
Just stumbled on this channel. Really like the way this guy explains things. Really clear, really concise. Also really like that he draws things out on mainframe printer paper. Takes me back.
"Stuff happens here, encrypted stuff..."
I don't even use TOR, but damn, it's design is clever and interesting. Good job on the videos!
@kezzyhko
3 жыл бұрын
@@MattInIllinois many people don't mind that, or even like that
@Filipcorobivblenderi
3 жыл бұрын
@@MattInIllinois so just dont use google, you dont need tor.
@jesse1511
Жыл бұрын
What do you use instead of tor ?
You guys should make a video telling people how you can be identified even if you are trying to be anonymous. He talked about data trafficking correlation, but there are other things that can identify you. Something very mundane, like the resolution you use, the browser etc.
@heyandy889
7 жыл бұрын
Marcos Vinícius Petri and third party scripts
@Nautilus1972
4 жыл бұрын
You must protect your entry into the TOR network and your exit from it - you are vulnerable at both points e.g. with a VPN as another layer.
@michaelarlen7805
4 жыл бұрын
Nautilus1972 Using VPN with tor actually decreases anonymity. Tor project doesn’t recommend it. VPN server IP addresses are known, so you have a known exit point when using them.
@SmellyLegend
3 жыл бұрын
Meta data. contact lists. You are identified by your associations you make through most app/servers
@prakharmishra3000
3 жыл бұрын
Watch the hated one. He makes vids about that
This dude is my favourite on Computerphile. He's one step away from being a criminal mastermind
What I want to to know is where this dude got the nostalgic stripy green fanfold tractor-feed paper that doesn't even look yellowed?? I remember when "backup" meant dumping your data onto 137 boxes of that stuff. [cough wheeze creak]
@Abby_Liu
4 жыл бұрын
from the storage room in this university I'd imagine.
An episode about firewalls would be awesome.
@obfuscated3090
5 жыл бұрын
Or your could read about them and get far more detail.
@austinmcpeak1926
5 жыл бұрын
Bakipll you mean virtual broken condom.
@exactzero
3 жыл бұрын
@@obfuscated3090 Booo...
All these onions are making me cry
Seven words: Professor Brailsford, Tom Scott and Mike Pound Like if you agree!
@johnnyblack612
4 жыл бұрын
Who are them?
@Fleurlean4
4 жыл бұрын
That’s eleven words.
@Marjannuel
3 жыл бұрын
Tom Scott! My teacher
@rz2374
3 жыл бұрын
@YASH TRIVEDI He has his own channel, just put Tom Scott into youtube
Been wondering how it worked for some time now and was too lazy to search. This video is gold
He is right; i found Onion cookies recipe in the deep&dark web. Excellent video, thank you
I'd love a video on the fall of silk road and transaction malleability. Keep up the great videos!
You guys should do a video on some of the weakness of TOR that have come out in the past year!
the best feature of tor hidden services to me is NAT punching. it basically allows a user to have a pc behind a NAT and still have a .onion address to SSH it. this is amaizing.
It seems like the main drawback is that an attacker with large servers could populate the node list with thousands or more of nodes, track down regular users, and hit them with a denial of service for a short window to control all traffic passing through the network, and easily sniff users out.
@dr.winner2516
2 жыл бұрын
That is why Tor is better with more legit nodes, they make Tor more resilient
I’m so sick of Facebook and that’s why I deleted my account. I couldn’t be happier and should’ve done it years ago.
I think it's interesting how Facebook is embracing Tor users while other sites deny service to them altogether.
@heyandy889
7 жыл бұрын
ElagabalusRex yes we are lucky Alec Muffett is in the organization.
@ChunkyWaterisReal
6 жыл бұрын
Why the would you use Facebook on tor anyways? I mean...seems counterintuitive, cause anonymity.
@ChunkyWaterisReal
6 жыл бұрын
Oh wait.. firewalls and such I Imagine.
@exactzero
3 жыл бұрын
@@ChunkyWaterisReal because you have some activities you do there, or clients you do for. It's a big network and you don't necessarily have to use your real personal information to use their services.
Does this guy have his own channel?
@BlackQueenNetwork
6 жыл бұрын
yes but he has no vids on it
@danielmiddleton6094
6 жыл бұрын
This is his channel now
Yet another great overview!
Is there any way that you can open the auto-captions in videos? Sometimes it is harder to understand with the accent if you are not the native speaker.
@VishalSharma-gt1hy
5 жыл бұрын
press C
With the in→out thing be possible to counteract by random padding going in that is dropped at the last node before being sent out, making it harder to correlate the two?
0:53 I haven't seen that paper in a long time. Great explanation. Thanks,
Awesome channel, especially this guy do explanation so easy.
This was really well articulated thank you
Wonder if they ever will do episode on computerphile of why Tor browser suggests it not be opened to full screen or it can be tracked. How can opening the tor browser to full window be possibly be used to track someone?
@jaym1045
7 жыл бұрын
Martin Pisz it's to do with mouselogging. Basic keyloggers will take mouse location and click points. People who log into Bank Account using on-screen keyboards may be keylogged via positions. Obviously the are other ways to mouselog but basic ones dont bother
@nopenoperson9118
7 жыл бұрын
Martin Pisz In addition, browser window resolution is information used in producing a browser fingerprint for the purpose of identifying a user.
@MrDmnk93
7 жыл бұрын
Sites (or anybody sniffing around hard enough) can see your browsers dimensions (in full-screen your screen dimensions) and it might prove useful in finding you. There might be other reasons but this what I know of. If anybody has more info, your contribution would be appreciated.
@jangxx
7 жыл бұрын
Just disable JavaScript inside the TOR Browser, then it doesn't matter. No hidden service worth anything actually requires JavaScript to work, some even explicitly tell you to turn it off.
@whuzzzup
7 жыл бұрын
IF(!) you have JavaScript enabled (which is a very very very very bad idea when you want anonymity), a script can detect your resolution/browser size. This does not mean that thousands of others might have the same one, but it's one puzzle piece for identifying someone. You should google panopticlick and/or browserleaks.TorBrowser is a hardened Firefox, with lots of stuff disabled or tweaked to make identifying someone harder. But the biggest problem is JavaScript - as proven by some FBI hack some years ago.
I literally fell asleep to this. not in a bad way at all. it calms me
I'm not an informatic and I won't ever know how to actually make all the things he says, but just understanding all of this is very fun and informative.
W00t thanks for this follow-up as we requested!!!
I am not an expert in cryptograph/security, but I am quiet well versed in distributed systems. It would seem to me that the key to hidden services is that the server hosting the service operates using TOR cells (packets? not sure on nomenclature here). Since the cells are all the same size and encrypted, it becomes infeasible using simple/traditional means to correlate data packets at the destination to those from a client origin. Without hidden services the destination servers will have traditional IP packets that are susceptible to correlation using data size and timing techniques. Is this a correct interpretation of hidden services? The introduction points, DHT, onion address, etc. all seem like a cryptographic replacement of DNS with a method to bridge two TOR circuits. That, in itself, doesn't seem like it provides the extra anonymity of the hidden service.
Shout-out to Ross Ulbricht
@greyfox67xx
7 жыл бұрын
Shout out? Just email him...he likes to post his email apparently...and takes terrible photos. Unless he was practicing for prison..then yea ok
i love this channel.
Does Tor have one Master server that handles assigning the circuits of clients on initial setup or is that all done automatically? Like how does it know that this server is a circuit? Does the first circuit you connect to know your IP?
Could you randomly divide the traffic (every 8,16 or 24 bits) between 3 different, unconnected circuits?
Does that hidden server cycle its introduction points inside of this onion cloud? Or does it not need to? And are they manually picking these points or is it part of the TOR protocols? Are they able to pick them?
@DaffyDaffyDaffy33322
Ай бұрын
I'm not 100% sure so take this with a grain of salt, but when you create an onion service, the only thing you store locally is the public and private key and the hostname (the .onion address itself). There's no information stored locally about the descriptor or introduction points, so I assume they're determined every time tor is restarted
Another amazing video. Do you know the details about how Silk Road was taken down?
@Elyseon
3 жыл бұрын
Worse, he was using that account to advertise the site. Also he used the same username on several such accounts.
I see you found something to do with those reams of dotmatrix paper... :)
@btcsys
5 жыл бұрын
I think I still have a case of that stuff somewhere in my office
@moralesriveraomar233
4 жыл бұрын
Send me those boxes! This is extremely cool, I was wondering what was that paper
this guy has the most soothing voice
Is there something in place that prevents the IP and the RP from being the same router?
I'm not sure if you guys do this or not, but could you do a video about Kali Linux/Kali Nethunter and penetration testing, and perhaps a video about DNS queries and how OSs like TAILS and Whonix allegedly prevent DNS leakage? I know I'm asking for quite a bit of content here... Just thought I'd ask and see what I get. Lol. Thanks for all the great videos. They've been greatly informative as I endeavor to learn more about networking and programming.
I just installed Tor on my phone and now getting this video recommendation.
Onionymous services
Thank you for all the services you provide free of cost and it is not even hidden :P
I love your videos Mike! *hugs*
Please make a video about h265 and h264. I understand that h265 is more efficient? and should give a better quality at the same bitrate.. but which has better quality 2.6GB h264 1080p or 580MB h265 1080p?
Does anyone know the name of orrecognize that C++ book on the bookshelf in the background?
All of that is a debate based on nonsensical assumptions. "Is Anonymity worth Criminality?" makes no sense, you cannot get rid of the criminality anyway.
@rikwisselink-bijker
7 жыл бұрын
You can't get rid of it (well..), but that's no reason to make it easy. Every system can be changed to make surveillance possible. If half of the population works for the police, it is possible to eliminate 'normal' criminality. It is just that everybody outside of North Korea agrees that it is not worth it. You can allow or remove anonymity, which will have an effect on how difficult crime becomes. (to be clear: I'm for TOR staying legal)
@HanBurritoz
7 жыл бұрын
"You can not save all lives, so it is noth worth it to save any lives." Shitty argument.
@p_serdiuk
7 жыл бұрын
Rik Wisselink Basically, any surveillance just moves the problem up. What prevents criminals from abusing it? I mean, any system can be broken into.
@kisielthe1st
7 жыл бұрын
Followed by a shitty analogy I guess. If I take away your guns you're going to stab someone with a knife. If I take your knives you'll club someone to death with a stick. Making tor illegal will just spurt out other services that do the same thing. Take away my tool to achieve anonymity, i'll look for something else.
@aenorist2431
7 жыл бұрын
"You cannot save a single live, so you better not use that as an argument to also beat every second persons face in." Would be more aedequate a phrasing. I am not saying "you cannot get rid of it completely", i am saying "it would not make a cents worth of difference, hence its not an argument."
This channel provides a better education than my computer science degree smh
5:10 or a pastebin document publishing a big fat list of them (but usually only sharing the doc with a certain group), as is the case for some services
clear video👌
Maybe I didn't get this right, but with the single union facebook example you described, coulnt someone theoreticaly still sniff at the entry node and exit node to do a corilation based attac, since the exit node can know the identity of the server?
@heyandy889
7 жыл бұрын
Tiesproductions yes this is an issue with tor in general - a sufficiently powerful adversary with global knowledge of the network could (theoretically) correlate all the network's input and output messages to identify the users and their destinations. however this is already the situation of the internet without tor, so by using tor you are increasing an adversary's effort by a significant margin.
As for 01:09, even if someone is sniffing A and B, they can't prove that B is A because B's source IP is of some machine the the TOR network. Unless you follow through all the nodes A used to B, you can't show they are connected. Correct me if I'm wrong.
@danya023
3 жыл бұрын
They can't prove that with certainty, but they can with some degree of confidence. If A puts in a packet, then after a semi-constant delay it comes out on the other side, and it's happened a lot of times in sequence already, then it's probable that B is relaying A's traffic.
This video when over my head.
thanks. exited with the content of your channel , am a big fan. ....please i wish to ask ,are websites on the dark web coded with normal web languages???.
@sonicthehedgehog5088
5 жыл бұрын
Yes. they use the same web languages.
Had no clue this much was going on with Tor. Didn’t really know what was going on at all before this.
Where can I read more about Facebook's integration? Is this just something an `.onion` service can choose to do - connect directly to rendezvous node?
00:17 "A lot of what happens... is illegal" Yeah, like entrapment❗
I would be appreciate if you made a video about I2P and Freenet too.
I like the ghost cube up on the shelf.
best books for networking and cloud computing ?
@afonsohipolito6983
4 жыл бұрын
phoenix go to hidden wiki and search for library links
It’s a crying shame that with the way things are going with device and software manufacturers, web services and trackers, and all out privacy invasion from government entities these days that in order to even get a resemblance of privacy and security, one actually needs to go down this rabbit hole to even start protecting their rights and dignity... A crying shame...
Couldn't a nation state create an extraordinarily large number of Tor nodes on the cloud and monitor them all? Wouldn't that increase the odds of being able to track Tor users? If a nation state created 10,000 virtual PC based Tor nodes would that increase tracking potential? How about 50,000 nodes scattered all over the world? If the nation state could monitor all of them does this increase their chances of tracking Tor traffic and capturing data streams?
@mduckernz
7 жыл бұрын
pepeledog Yes, they can, and yes, they've done this. It kinda like the 50% attack on Bitcoin, eg. if you own a sufficient fraction of the network you control it's destiny
@junkersintutus4282
4 жыл бұрын
@@mduckernz And what if intelligence agencies actually helped start projects like Bitcoin and Tor?!
Great video!
If I controlled the entrypoint of the client, and the entrypoint of the server then I should be able to perform a heuristic analysis or not ?
@heyandy889
7 жыл бұрын
neumde neuer yes tor is vulnerable to a sufficiently powerful adversary with global knowledge of the network
Have you got the link to the dark web video?
Legendary Mike !
I would love to watch this guy have a conversation about TOR with Eli the computer guy. That would be interesting :)
Can you make a video explaining the math behind onion routing?
would it be possible to follow a trail of physical locations where each node is to link the server and the client?
@ruben307
7 жыл бұрын
they probably don't store their data.
@jclad5145
7 жыл бұрын
What about cache, there has to be some sort of cache
@techmage89
7 жыл бұрын
Rovert2001 The network is designed to prevent this sort of thing. If you control two nodes involved, though, you can start to identify the nodes between them, but that's difficult given the randomness and number of nodes available.
I know I'm late, but trying my hand here... Once the RP is set, how is the connection any more anonymous than usual, except for the added nodes? How is the traffic monitoring on both ends any harder?
@Treddian
2 жыл бұрын
My understanding is that only the server will know when the message has reached the final hop. Anyone watching could just think that the server is another router in the chain.
2:22 and there goes a tree, "Timber!"
never have i smashed the like button so fast
I love Tor for stuff that i can't gain access to (10 percent), while (95percent) of the stuff i reguarly have access to on the daily i use my other daily browsers are my Chrome browser and MSFT Edge.
uu i think he has the same keyboard that i have at my work! thou probably different layout. nice vid btw
If the routers are publicly listed can someone actually go to the introduction router and demand that they give them the address they forward the messages to and keep doing that along the 3 nodes until the reach the server? Also is a vpn just a 1 router onion router?
@rationalism_communism
10 ай бұрын
theres thousends of connections and are random, this is only works with clear net, traffic corelation only works in the clearnet, when using tor.
I would like to see a video about pluggable transports and how they work
An easier way to break down what this guy is saying. A client(the user on a computer) makes a request to send packets to a server over the internet. Lets say there is three routers(A,B,C) that the packets have to go thru in order to get to the service. Client -> Router A(Router A knows the packets came from the client. Now Router A will "peel back the information that the packets came from the client"). Now the packets are at Router B(Now Router B will "peel back the information that the packets came from A"). Then router C does the next thing. These routers are picked completely at random in the Tor network. The whole time that the packets are traveling to the service, none of the routers have the ip address destination of the service. In addition, the nodes(aka the routers) do not record the path that the packets traveled in , adding to its anonymity. An Onion address is how the packet gets there.
5:22 *The way the Distributed Hash Table is programmed the vast majority of nodes wont know what the descriptor is for a given key. Only one or a couple.* Why one or a couple? Is it necessary to make the TOR network works ???
i think i asked this in the comments to his last video about onion routing but since it didn't get an answer I'm gonna ask it again here: to avoid the danger of someone correlating traffic going into and coming out of the TOR network, could you build into the protocol that the client node adds a random number of dud packets that are taken out while being passed on in the TOR network, and within the TOR network more dud packets are added? Shouldn't this completely screw up any chance of being able to correlate traffic? Wouldn't this advantage be even better if the client and server knew to delay random packets by a random amount of time as well?
@mrsuperguy2073
7 жыл бұрын
heyandy x ah ok then. so those other protocols you mentioned, are they used by other dark web browsers then?
@btcsys
5 жыл бұрын
Would that slow traffic down to a slower crawl? Don't know just asking
what if someone sniffs at the randevu point? Does the RP have decrypted messages of both server and the client?
So when do we get an I2P video?
I know next to nothing going into this, so forgive my ignorance with this question. You've said that if someone had control of the initial entry point into the network and the final exit node, that they could decode the information they wanted (right?). Some quick Google-fu leads me to believe there are less than 1000 exit nodes currently in operation. What's to stop, say, the NSA from generously starting up another 1000 exit nodes of their own, giving them a 50% chance of having control over any given exit node? Thereby effectively eliminating that second requirement and leaving them only with a need to sniff around at the initial entry point. Again, forgive me if I've completely misunderstood something (or several things).
@heyandy889
7 жыл бұрын
Jacob Harrison yes this is a worrisome future, in fact the FBI employed such a measure in attempt to track activity of tor users.
could you make a video on mix networks?
create your own channel Dr Pound!
Won't the router node see the messages? It has to finish decrypting the layers from the sender, and start wrapping the layers for the reciever.
i like him so much!
Is a Rendezvous point kind of like a VPN or is it different
How does the introduction point send a message back to the server if it doesn't know it's IP address?
@heyandy889
7 жыл бұрын
Andy Wilson this is key insight of tor. it allows client and server to communicate without knowing each other's identity or location. broadly the concept is the same as using a proxy - obscures info about the client from the server. definitely check out FAQ on the Tor website and also how-to's from the EFF
@andywilson5677
7 жыл бұрын
Thanks. I didn't know the TOR circuit remained open between the server and the introduction point.
@heyandy889
7 жыл бұрын
No prob. Yeah, initially the circuit remains open. Once the rendezvous point is established, then the Introduction Point is out of the picture - just client, hop hop rendezvous, hop hop server.
how does a different version of the protocol 9:54 work with the rest of the system?
@ahuman307
7 жыл бұрын
It's not a difference protocol. It is the same, but instead of bouncing three times, it connects directly
@sophiatheodores7985
7 жыл бұрын
is it a serverside changeable thing?
So hidden sites have their ip addresses hidden but you can still use a common address to connect to the site using TOR. If I had the hidden sites direct IP address, could I theoretically just connect directly through something like google? If not I guess I just don't understand.
You can deduce the video's progress just by measuring the amount of marker there is on Dr Mike's hands
The more I think about hidden services and the more it appears that it's in effect a virtual drug dealer network. There are people trying to buy (clients), people producing and selling (servers), people that redistribute the drug (dealers, here introduction points), and then rendez-vous places where to buy the drug. It's really amazing to see it that way, it makes perfect sense lol.
@boboften9952
4 жыл бұрын
Yes , the dealer is trying to stop you seeing the supplier.
@simmisvans
2 жыл бұрын
@@boboften9952 ææp 8 8kg lo
onion rooters!
@Abby_Liu
4 жыл бұрын
onion is a root
@christopherellis2663
3 жыл бұрын
@@Abby_Liu a bulb, the roots are the little hairy bits on the end
@pauldowling2160
3 жыл бұрын
I say tomayto , you say tomato. I say potayto, you say potato
"is TOR worth the criminality that is on there and so on" is the same argument governments make eroding fundamental rights in the name of terrorism. If your moral compass is based on legalities I'd suggest you have chosen a poor foundation. Let me re-frame your statement: is it worth letting the law diminish your fundamental right to choose how to live your life (non aggression principle withstanding)?
@death-disco
3 жыл бұрын
@@MintyLime703 not sure your counterpoint makes sense. because a government agency developed the first onion routing protocol references, government should not be questioned? I was also referencing the tone and questions raised in the video.