Your browser does not support JavaScript!

access icon free Empirical analysis of Tor Hidden Services

Tor hidden services allow someone to host a website or other transmission control protocol (TCP) service whilst remaining anonymous to visitors. The collection of all Tor hidden services is often referred to as the ‘darknet’. In this study, the authors describe results from what they believe to be the largest study of Tor hidden services to date. By operating a large number of Tor servers for a period of 6 months, the authors were able to capture data from the Tor distributed hash table to collect the list of hidden services, classify their content and count the number of requests. Approximately 80,000 hidden services were observed in total of which around 45,000 are present at any one point in time. Abuse and Botnet C&C servers were the most frequently requested hidden services although there was a diverse range of services on offer.


    1. 1)
      • 21. Johnson, A., Wacek, C., Jansen, R., et al: ‘Users get routed: traffic correlation on tor by realistic adversaries’. Proc. of the 20th ACM Conf. on Computer and Communications Security, 2013.
    2. 2)
      • 6. Chaabane, A., Manils, P., Kaafar, M.A.: ‘Digging into anonymous traffic: a deep analysis of the tor anonymizing network’. Proc. of the 4th Int. Conf. on Network and System Security (NSS), 2010.
    3. 3)
      • 17. Hermes Center for Transparency and Digital Human Rights: ‘Globaleaks platform’, 2014. Available at
    4. 4)
      • 7. McCoy, D., Bauer, K., Grunwalk, D., et al: ‘Shining light in dark places: understanding the tor network’, Priv. Enhancing Technol., 2008, 5134, pp. 6376.
    5. 5)
      • 16. Samarawickrama, S., Jayaratne, L.: ‘Automatic text classification and focused crawling’. Sixth Int. Conf. on Digital Information Management (ICDIM), 2011.
    6. 6)
      • 18. Freedom of the Press Foundation: ‘Securedrop platform’, 2014. Available at
    7. 7)
      • 9. Dingledine, R., Mathewson, N., Syverson, P.: ‘Tor: the second-generation onion router’. Technical report, Naval Research Laboratory, USA, 2004.
    8. 8)
      • 1. Tor Project: ‘Metrics portal’, September 2014. Available at
    9. 9)
      • 3. Elahi, T., Bauer, K., AlSabah, M., et al: ‘Changing of the guards: a framework for understanding and improving entry guard selection in tor’. Proc. of the Workshop on Privacy in the Electronic Society, 2012.
    10. 10)
      • 8. Ling, Z., Luo, J., Wu, K., et al: ‘Torward: discovery of malicious traffic over tor’. Proc. of the IEEE Int. Conf. on Computer Communications, 2014.
    11. 11)
      • 11. Douceur, J.R.: ‘The sybil attack’. Revised Papers from the First Int. Workshop on Peer-to-Peer Systems, IPTPS'01, 2002, pp. 251260. Available at
    12. 12)
      • 22. Kwon, A., AlSabah, M., Lazar, D., et al: ‘Circuit fingerprinting attacks: passive deanonymization of tor hidden services’. Proc. of the 24th USENIX Security Symp. (Security), 2015.
    13. 13)
      • 2. Winter, P., Lindskog, S.: ‘How the great firewall of china is blocking tor’. Proc. of USENIX Workshop on Free and Open Communications on the Internet, 2012.
    14. 14)
      • 10. Stoica, I., Morris, R., Karger, D., et al: ‘Chord: a scalable peer-to-peer lookup service for internet applications’. Proc. of the 2001 Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM 2001, 2001, pp. 149160. Available at
    15. 15)
      • 14. Biryukov, A., Pustogarov, I., Weinmann, P.-P.: ‘Detection, measurement and deanonymisation’. Proc. of IEEE Symp. on Security and Privacy, 2013, pp. 8094.
    16. 16)
      • 23. Ling, Z., Luo, J., Wu, K., et al: ‘Protocol-level hidden server discovery’. Proc. of the 32nd IEEE Int. Conf. on Computer Communications, 2013.
    17. 17)
      • 12. Lesniewski-Laas, C.: ‘A sybil-proof one-hop dht’. Proc. of the 1st Workshop on Social Network Systems, SocialNets'08, 2008, pp. 1924. Available at
    18. 18)
      • 20. Hopper, N.: ‘Challenges in protecting tor hidden services from botnet abuse’. Proc. of Financial Cryptography and Data Security (FC'14), 2014.
    19. 19)
      • 13. Lesniewski-Laas, C., Kaashoek, M.F.: ‘Whanau: a sybil-proof distributed hash table’. Proc. of the 7th USENIX Conf. on Networked Systems Design and Implementation, NSDI'10, 2010, pp. 88. Available at
    20. 20)
    21. 21)
      • 4. Murdoch, S.J., Zielínski, P.: ‘Sampled traffic analysis by Internet-exchange-level adversaries’. Proc. of the Seventh Workshop on Privacy Enhancing Technologies (PET 2007), 2007.
    22. 22)
      • 15. Christin, N.: ‘Traveling the silk road: a measurement analysis of a large anonymous online marketplace’. Proc. of the 22nd Int. Conf. on World Wide Web, 2013.
    23. 23)
      • 19. Stone-Gross, B., Cova, M., Cavallaro, L., et al: ‘Your botnet is my botnet: analysis of a botnet takeover’. Proc. of the 16th ACM Conf. on Computer and Communications Security, CCS ‘09, 2009, pp. 635647. Available at

Related content

This is a required field
Please enter a valid email address