Tippe, PascalWendzel, SteffenWressnegger, ChristianHartmann, LauraFreiling, FelixArmknecht, FrederikReinfelder, Lena2024-04-192024-04-192024978-3-88579-739-5https://dl.gi.de/handle/20.500.12116/43962Tor is an overlay anonymization network that provides anonymity for clients surfing the web but also allows hosting anonymous services called onion services. These enable whistleblowers and political activists to express their opinion and resist censorship. Administrating an onion service is not trivial and requires extensive knowledge because Tor uses a comprehensive protocol and relies on volunteers. Meanwhile, attackers can spend significant resources to decloak onion services. So far, research is rather focused on improving the Tor protocol than on measures that onion service operators can take individually. This paper analyzes related academic work and evaluates publicly available court documents from 22 criminal cases to determine risks for onion services. The rationale to use court documents is that real-world attacker strategies provide a better threat model for onion service operators. We find that investigative methods used in the court documents deviate from the academic deanonymization attacks.enOnion ServicesTor DeanonymizationText/Conference Paper10.18420/sicherheit2024_0211617-5468