[tor-talk] How easy are Tor hidden services to locate?
Roger Dingledine
arma at mit.edu
Wed Mar 6 09:53:05 UTC 2013
On Wed, Mar 06, 2013 at 01:12:47AM -0600, Anthony Papillion wrote:
> I'm involved in a project that will ultimately run a website as a
> hidden service. Because of the content if the site (not child porn
> or gambling) we're concerned about how easy a Tor connected server
> is to find.
Hidden services are definitely weaker than regular Tor circuits, a)
because the adversary can induce them to speak, and b) because they stay
at the same place over time. Mostly 'a'.
That said, there are plenty of hidden services out there, and few
stories of people breaking their anonymity by breaking Tor. So they're
not foolproof for sure, but they're also not trivial to deanonymize.
I'll turn it around, and ask "easy compared to what?"
> Also, are there best practices to securely hosting a
> server on Tor?
I wrote some suggestions on the second-to-last bullet point of
https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police
A lot of it depends on your expected adversary, and on how much you care.
--Roger
More information about the tor-talk
mailing list