research-article

The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services

Authors:

Iskander Sanchez-Rola,

Davide Balzarotti,

Igor SantosAuthors Info & Claims

WWW '17: Proceedings of the 26th International Conference on World Wide Web

Pages 1251 - 1260

https://doi.org/10.1145/3038912.3052657

Published: 03 April 2017 Publication History

Abstract

Tor is a well known and widely used darknet, known for its anonymity. However, while its protocol and relay security have already been extensively studied, to date there is no comprehensive analysis of the structure and privacy of its Web Hidden Service.

To fill this gap, we developed a dedicated analysis platform and used it to crawl and analyze over 1.5M URLs hosted in 7257 onion domains. For each page we analyzed its links, resources, and redirections graphs, as well as the language and category distribution. According to our experiments, Tor hidden services are organized in a sparse but highly connected graph, in which around 10% of the onions sites are completely isolated.

Our study also measures for the first time the tight connection that exists between Tor hidden services and the Surface Web. In fact, more than 20% of the onion domains we visited imported resources from the Surface Web, and links to the Surface Web are even more prevalent than to other onion domains.

Finally, we measured for the first time the prevalence and the nature of web tracking in Tor hidden services, showing that, albeit not as widespread as in the Surface Web, tracking is notably present also in the Dark Web: more than 40% of the scripts are used for this purpose, with the 70% of them being completely new tracking scripts unknown by existing anti-tracking solutions.

References

[1]

PhantomJS. http://phantomjs.org/.

[2]

Tor Project: Anonymity Online. https://www.torproject.org.

[3]

Tor2web: Browse the Tor Onion Services. https://www.tor2web.org/.

[4]

TorMETRICS. https://metrics.torproject.org.

[5]

I2P: The Invisible Internet Project. https://geti2p.net/, 2016.

[6]

FreeNet. https://freenetproject.org, Accessed: September 2016.

[7]

G. Acar, C. Eubank, S. Englehardt, M. Juarez, A. Narayanan, and C. Diaz. The web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), 2014.

Digital Library

[8]

G. Acar, M. Juarez, N. Nikiforakis, C. Diaz, S. Gürses, F. Piessens, and B. Preneel. FPDetective: dusting the web for fingerprinters. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), 2013.

Digital Library

[9]

M. K. Bergman. White paper: the deep web: surfacing hidden value. Journal of electronic publishing, 7(1), 2001.

[10]

A. Biryukov, I. Pustogarov, and R.-P. Weinmann. Trawling for tor hidden services: Detection, measurement, deanonymization. In IEEE Symposium on Security and Privacy (Oakland), 2013.

Digital Library

[11]

A. Broder, R. Kumar, F. Maghoul, P. Raghavan, S. Rajagopalan, R. Stata, A. Tomkins, and J. Wiener. Graph structure in the web. Computer networks, 33(1):309--320, 2000.

Digital Library

[12]

S. Chakravarty, G. Portokalidis, M. Polychronakis, and A. D. Keromytis. Detecting traffic snooping in tor using decoys. In Proceedings of the International Workshop on Recent Advances in Intrusion Detection (RAID), 2011.

Digital Library

[13]

V. Ciancaglini, M. Balduzzi, M. Goncharov, and R. McArdle. Deepweb and Cybercrime: It's Not All About TOR. http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-cybercrime-and-the-deep-web.pdf, 2013.

[14]

V. Ciancaglini, M. Balduzzi, R. McArdle, and M. Rösler. Below the surface: Exploring the deep web. https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_below_the_surface.pdf, 2015.

[15]

B. J. Frey and D. Dueck. Clustering by passing messages between data points. Science, 315(5814):972--976, 2007.

[16]

B. He, M. Patel, Z. Zhang, and K. C.-C. Chang. Accessing the deep web. Communications of the ACM, 50(5):94--101, 2007.

Digital Library

[17]

Intelliagg and Darksum. DEEPLIGHT: shining a light on the dark web. http://www.deep-light.net/, 2016.

[18]

R. Jansen, F. Tschorsch, A. Johnson, and B. Scheuermann. Anonymously deanonymizing and disabling the tor network. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2014.

[19]

A. Kwon, M. AlSabah, D. Lazar, M. Dacier, and S. Devadas. Circuit fingerprinting attacks: Passive deanonymization of tor hidden services. In Proceedings of the USENIX Security Symposium (SEC), 2015.

Digital Library

[20]

P. Laperdrix, W. Rudametkin, and B. Baudry. Beauty and the beast: Diverting modern web browsers to build unique browser fingerprints. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2016.

[21]

A. Lerner, A. K. Simpson, T. Kohno, and F. Roesner. Internet jones and the raiders of the lost trackers: An archaeological study of web tracking from 1996 to 2016. In Proceedings of the USENIX Security Symposium (SEC), 2016.

[22]

S. J. Lewis. Onionscan report: April 2016. https://onionscan.org/reports/april2016.html/, 2016.

[23]

S. J. Lewis. Onionscan report: July 2016 - https somewhere sometimes. https://mascherari.press/onionscan-report-july-2016-https-somewhere-sometimes/, 2016.

[24]

S. J. Lewis. Onionscan report: June 2016. https://mascherari.press/onionscan-report-june-2016/, 2016.

[25]

S. J. Lewis. Onionscan report: May 2016. https://onionscan.org/reports/may2016.html, 2016.

[26]

W. Liu, X. Meng, and W. Meng. Vide: A vision-based approach for deep web data extraction. IEEE Transactions on Knowledge and Data Engineering, 22(3):447--460, 2010.

Digital Library

[27]

J. Madhavan, D. Ko, Ł. Kot, V. Ganapathy, A. Rasmussen, and A. Halevy. Google's deep web crawl. Proceedings of the VLDB Endowment, 1(2):1241--1252, 2008.

Digital Library

[28]

D. McCoy, K. Bauer, D. Grunwald, T. Kohno, and D. Sicker. Shining light in dark places: Understanding the tor network. In Proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2008.

Digital Library

[29]

R. Meusel, S. Vigna, O. Lehmberg, and C. Bizer. Graph structure in the web-revisited. In Proceedings of the International World Wide Web Conference (WWW), 2014.

Digital Library

[30]

P. Mittal, A. Khurshid, J. Juen, M. Caesar, and N. Borisov. Stealthy traffic analysis of low-latency anonymous communication using throughput fingerprinting. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS), 2011.

Digital Library

[31]

S. J. Murdoch and G. Danezis. Low-cost traffic analysis of tor. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2005.

Digital Library

[32]

N. Nikiforakis, A. Kapravelos, W. Joosen, C. Kruegel, F. Piessens, and G. Vigna. Cookieless monster: Exploring the ecosystem of web-based device fingerprinting. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland), 2013.

Digital Library

[33]

M. G. Reed, P. F. Syverson, and D. M. Goldschlag. Anonymous connections and onion routing. IEEE Journal on Selected areas in Communications, 16(4):482--494, 1998.

Digital Library

[34]

G. Salton, A. Wong, and C.-S. Yang. A vector space model for automatic indexing. Communications of the ACM, 18(11):613--620, 1975.

Digital Library

[35]

A. Sanatinia and G. Noubir. Onionbots: Subverting privacy infrastructure for cyber attacks. In Proceedings of the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2015.

Digital Library

[36]

A. Sanatinia and G. Noubir. Honey onions: a framework for characterizing and identifying misbehaving tor hsdirs. In Proceedings of IEEE Conference on Communication Networks Security, 2016.

[37]

I. Sanchez-Rola and I. Santos. Known and Unknown Generic Web Tracking Analyzer: A 1 Million Website Study. Technical report, DeustoTech, University of Deusto, 2016.

[38]

K. Soska and N. Christin. Measuring the longitudinal evolution of the online anonymous marketplace ecosystem. In Proceedings of USENIX Security Symposium (SEC), 2015.

Digital Library

[39]

Y. Sun, A. Edmundson, L. Vanbever, O. Li, J. Rexford, M. Chiang, and P. Mittal. RAPTOR: routing attacks on privacy in Tor. In Proceedings of the USENIX Security Symposium (SEC), 2015.

Digital Library

[40]

W. T. Surveys. Usage of javascript websites. https://w3techs.com/technologies/.

[41]

P. Winter, R. Köwer, M. Mulazzani, M. Huber, S. Schrittwieser, S. Lindskog, and E. Weippl. Spoiled onions: Exposing malicious tor exit relays. In Proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2014.

Cited By

Buitrago López APastor-Galindo JGómez Mármol F(2024)Updated exploration of the Tor network: advertising, availability and protocols of onion servicesWireless Networks10.1007/s11276-024-03679-4Online publication date: 25-Feb-2024
https://doi.org/10.1007/s11276-024-03679-4
Zabihimayvan MSadeghi RDoran D(2024)Security, information, and structure characterization of Tor: a surveyTelecommunication Systems10.1007/s11235-024-01149-y87:1(239-255)Online publication date: 20-May-2024
https://doi.org/10.1007/s11235-024-01149-y
López AGalindo JMármol F(2023)Exploring the availability, protocols and advertising of Tor v3 domains2023 JNIC Cybersecurity Conference (JNIC)10.23919/JNIC58574.2023.10205938(1-8)Online publication date: 21-Jun-2023
https://doi.org/10.23919/JNIC58574.2023.10205938
Show More Cited By

Index Terms

The Onions Have Eyes: A Comprehensive Structure and Privacy Analysis of Tor Hidden Services
1. Security and privacy
  1. Database and storage security
    1. Data anonymization and sanitization

Recommendations

Spiders like Onions: on the Network of Tor Hidden Services
WWW '19: The World Wide Web Conference

Tor hidden services allow offering and accessing various Internet resources while guaranteeing a high degree of provider and user anonymity. So far, most research work on the Tor network aimed at discovering protocol vulnerabilities to de-anonymize ...
A first look at references from the dark to the surface web world: a case study in Tor
Abstract
Tor is the most well-known anonymity network that protects the identity of both content providers and their clients against any tracking on the Internet. The previous research on Tor investigated either the security and privacy concerns or the ...
Going dark: anonymising technology in cyberspace

Anonymising technologies are cyber-tools that protect people from online surveillance, hiding who they are, what information they have stored and what websites they are looking at. Whether it is anonymising online activity through `TOR' and its onion ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

WWW '17: Proceedings of the 26th International Conference on World Wide Web

April 2017

1678 pages

ISBN:9781450349130

General Chairs:
Rick Barrett
W3Events
,
Rick Cummings
Murdoch University
,
Program Chairs:
Eugene Agichtein
Emory University
,
Evgeniy Gabrilovich
Google Research

Copyright © 2017 Copyright is held by the International World Wide Web Conference Committee (IW3C2).

Sponsors

IW3C2: International World Wide Web Conference Committee

In-Cooperation

SIGWEB: ACM Special Interest Group on Hypertext, Hypermedia, and Web

Publisher

International World Wide Web Conferences Steering Committee

Republic and Canton of Geneva, Switzerland

Publication History

Published: 03 April 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Basque Government

Conference

WWW '17

Sponsor:

IW3C2

WWW '17: 26th International World Wide Web Conference

April 3 - 7, 2017

Perth, Australia

Acceptance Rates

WWW '17 Paper Acceptance Rate 164 of 966 submissions, 17%;

Overall Acceptance Rate 1,899 of 8,196 submissions, 23%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

32
Total Citations
View Citations
733
Total Downloads

Downloads (Last 12 months)33
Downloads (Last 6 weeks)8

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Buitrago López APastor-Galindo JGómez Mármol F(2024)Updated exploration of the Tor network: advertising, availability and protocols of onion servicesWireless Networks10.1007/s11276-024-03679-4Online publication date: 25-Feb-2024
https://doi.org/10.1007/s11276-024-03679-4
Zabihimayvan MSadeghi RDoran D(2024)Security, information, and structure characterization of Tor: a surveyTelecommunication Systems10.1007/s11235-024-01149-y87:1(239-255)Online publication date: 20-May-2024
https://doi.org/10.1007/s11235-024-01149-y
López AGalindo JMármol F(2023)Exploring the availability, protocols and advertising of Tor v3 domains2023 JNIC Cybersecurity Conference (JNIC)10.23919/JNIC58574.2023.10205938(1-8)Online publication date: 21-Jun-2023
https://doi.org/10.23919/JNIC58574.2023.10205938
Han DWang SHe ZWang ZChen WLi CYang JShi XYin X(2023)Cutting Onions With Others' Hands: A First Measurement of Tor Proxies in the Wild2023 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking57963.2023.10186440(1-9)Online publication date: 12-Jun-2023
https://doi.org/10.23919/IFIPNetworking57963.2023.10186440
Boshmaf YPerera IKumarasinghe ULiyanage SAl Jawaheri H(2023)Dizzy: Large-Scale Crawling and Analysis of Onion ServicesProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600167(1-11)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600167
Pastor-Galindo JGómez Mármol FMartínez Pérez G(2023)On the gathering of Tor onion addressesFuture Generation Computer Systems10.1016/j.future.2023.02.024145:C(12-26)Online publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.future.2023.02.024
Tazi FShrestha SDe La Cruz JDas S(2022)SoK: An Evaluation of the Secure End User Experience on the Dark Net through Systematic Literature ReviewJournal of Cybersecurity and Privacy10.3390/jcp20200182:2(329-357)Online publication date: 27-May-2022
https://doi.org/10.3390/jcp2020018
Platzer FLux A(2022)A Synopsis of Critical Aspects for Darknet ResearchProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3544444(1-8)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3544444
Kim MLee JKwon HHur J(2022)Get off of Chain: Unveiling Dark Web Using Multilayer Bitcoin Address ClusteringIEEE Access10.1109/ACCESS.2022.318721010(70078-70091)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3187210
Figueras-Martín EMagán-Carrión RBoubeta-Puig J(2022)Drawing the web structure and content analysis beyond the Tor darknet: Freenet as a case of studyJournal of Information Security and Applications10.1016/j.jisa.2022.10322968(103229)Online publication date: Aug-2022
https://doi.org/10.1016/j.jisa.2022.103229
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents