The Onion Router, or TOR, is the most
popular anonymizing network on the Internet. It allows you to do
things online while staying virtually anonymous and safe from
eavesdropping. It's being used by activists fighting oppressive
governments, business people trying to keep their communications safe
from corporate espionage, and criminals attempting to evade the law.
All one needs to participate is downloading a piece of software which
connects you to the TOR network. But one lesser known type of service
that TOR offers is called a hidden service. These are web sites that
can also be anonymous, and often provide services for people wishing
to do business in a completely private way, such as email, buying and
selling goods, or sending financial payments.
Right now however, a bunch of these
services are offline. Worse, there are reports of many well known TOR
hidden services may be compromised using a browser exploit.
Everything started when the FBI arrested the owner of the company
Freedom Hosting. The problem is that a lot of services, including
TORMail, used them as hosting provider. Now it appears as if these
services have been replaced with a blank page offering an exploit to
any visitor, attempting to take over user's computers. So if you use
TOR, be careful not to go to hidden services for a while.
Of course, this shows how complacency
can be a very bad thing, especially when it comes to security. The
problem isn't with TOR. The software itself is safe and hasn't been
compromised. But because many owners of TOR hidden services used the
same hosting provider, a single arrest shut them all down. This is
the same reason why businesses are often advised to have redundancy.
By not relying on a single point of failure, you avoid these issues.