Onionscan / Dark Web Deanonymization Summary

Summary

Onionscan was a tool that implemented all known deanonymization techniques for v2 onion services and allowed them to be tested at scale. This led to both an understanding of

how prevelent such issues were in addition to the discovery of new deanonymization techniques.

Onionscan Homepage - a collection of links to all OnionScan reports

Source Code (github) - very outdated source on github

List of Techniques

Onionscan implemented the following deanonmyzation techniques:

• Apache server-status exposure / scraping
• Hostname overriding
• Cohosting of services (ssh/ftp/bitcoin peers)
• Correlation of identifiers (bitcoin addresses / ssh fingerprints)
• Uptime analysis

Selected Talks

• CrySP Speaker Series: OnionScan: Practical Deanonymization of Hidden Services (CrySP)
• Edinburgh University Sociology Seminar: Darknet Cartography (Youtube)
• Hackfest 2016: Untangling the Dark Web: Unmasking Onion Services (Youtube)
• BSides Vancouver 2017: Excuse Me, I think your dark web is leaking (Youtube)

• sec-research privacy-research project