Under the old method I required the user to set up the hidden/onion service by adding a line to their torrc. That's not necessary if I used ADD_ONION. In both methods I still need them to enable the control port
right. it shouldn't be necessary at all to modify the torrc... for most features.
and an authentication, but it's just one less requirement using ADD_ONION.
nah... you could use a unix domain socket instead of a TCP port and then just use filesystem permissions to limit access to the socket file. i much prefer this to authentication.
Data isolation is improved because it separates responsibility. In Linux, the tor binary runs under a separate user and sets up permissions to protect sensitive data. My OnioNS software can run as a separate user as well. This way, data is isolated to its respective software and I'm not mixing everything.
hmm ok well keep in mind an unfiltered control port is rather powerful and in a sense brings your software into the same security domain as the tor process. access to the control port can cause tor to execute a specified binary as a pluggable transport.
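The Unix-domain-socket suggestion in the exchange above depends entirely on the socket file's permissions, so here is an added example (not code from the thread or from Tor or OnioNS) that audits a control socket path before a client trusts it. The function name, the `allowed_uids` parameter and the demo socket are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile


def audit_control_socket(path, allowed_uids):
    """Return a list of findings for a control socket path (empty list = OK)."""
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a Unix domain socket"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Connecting to a Unix socket needs write permission on the socket file,
    # so a write bit for 'other' opens the control port to every local user.
    if mode & stat.S_IWOTH:
        findings.append(f"mode {mode:04o} lets 'other' connect")
    if st.st_uid not in allowed_uids:
        findings.append(f"owned by unexpected uid {st.st_uid}")
    # A world-writable parent without the sticky bit lets any user replace
    # the socket with one of their own.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    pmode = stat.S_IMODE(parent.st_mode)
    if pmode & stat.S_IWOTH and not pmode & stat.S_ISVTX:
        findings.append(f"parent directory mode {pmode:04o} is world-writable")
    return findings


def make_demo_socket(directory, mode):
    """Create a constructed stand-in socket file with the given mode."""
    path = os.path.join(directory, "control")
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.bind(path)       # bind() creates the socket file
    s.close()          # the file stays on disk after close
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    demo_dir = tempfile.mkdtemp()            # created with mode 0700
    sock = make_demo_socket(demo_dir, 0o660)  # owner and group only
    print("0660:", audit_control_socket(sock, {os.getuid()}))
    os.chmod(sock, 0o666)                     # weak setting for comparison
    print("0666:", audit_control_socket(sock, {os.getuid()}))
```

A clean audit only limits who can reach the socket; any process that can connect still has the full, unfiltered control port described in the last reply.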