KAX17 also employed middle relays. It's not out of the question that they are attacking onion services in some way, like the 2014 "relay early" attack.
For example, if you run a relay chosen as a guard for an onion service, there are a number of clever tricks (sending heavy traffic to the onion service + observing which IP suddenly has lots of activity + eliminating other relay IPs) that can be done to find the IP of an onion service. There are also "sniper" DDoS attacks that can force an onion service to use your node as a guard. I would imagine that many or most onion operators haven't bothered to enable the Vanguard addon that makes this attack a little more expensive.
I really wonder about the feasability of keeping onion service IPs globally secret. It may not be possible. I would certainly not stake my freedom on it. End user traffic to onion services is considerably harder to compromise, though.
> I really wonder about the feasability of keeping onion service IPs globally secret. It may not be possible. I would certainly not stake my freedom on it.
Me either. KAX17 is visible. There are exceptionally well-resourced organizations with I think the motivation to unmask a seemingly target-rich collection of users, and the money and skill to simply infiltrate most relays, probably without being noticed.
I also wouldn't stake my freedom on it because it is simple to detect that you are using Tor, and that puts you in a tiny group, one that is (again) seemingly target-rich.
For example, if you run a relay chosen as a guard for an onion service, there are a number of clever tricks (sending heavy traffic to the onion service + observing which IP suddenly has lots of activity + eliminating other relay IPs) that can be done to find the IP of an onion service. There are also "sniper" DDoS attacks that can force an onion service to use your node as a guard. I would imagine that many or most onion operators haven't bothered to enable the Vanguard addon that makes this attack a little more expensive.
I really wonder about the feasability of keeping onion service IPs globally secret. It may not be possible. I would certainly not stake my freedom on it. End user traffic to onion services is considerably harder to compromise, though.