Public IP Addresses of Tor Sites Exposed via SSL Certificates by Lawrence Abrams.
From the post:
A security researcher has found a method that can be used to easily identify the public IP addresses of misconfigured dark web servers. While some feel that this researcher is attacking Tor or other similar networks, in reality he is exposing the pitfalls of not knowing how to properly configure a hidden service.
One of the main purposes of setting up a dark web web site on Tor is to make it difficult to identify the owner of the site. In order to properly anonymize a dark web site, though, the administrator must configure the web server properly so that it only listens on localhost (127.0.0.1) and not on an IP address that is publicly exposed to the Internet.
…
The failure of people who intentionally walk on the wild side to properly secure their sites holds out great promise that government and industry sites are even more poorly secured.
If you are running a Tor site or someday hope to run a Tor site, read this post and make sure your public IP isn’t showing.
Unless your Tor site is a honeypot for government spy agencies. They lap up false information like there is no tomorrow.
Not something I have time for now but consider mining intelligence reports as a basis for creating a Tor site, complete with information, chats, discussion forums, etc., download (not public) name “Terrorist-in-a-Box.” Unpack, install, configure (correctly) and yet another terrorist site is on the Dark Web. Have an AI running all the participants on the site. A challenging project to make it credible.
The intelligence community (IC) makes much of their ability to filter noise from content, so you can help them test that ability. It’s almost a patriotic duty.