[or-cvs] more tips
arma at seul.org
Sat Jul 23 10:59:45 UTC 2005
Update of /home2/or/cvsroot/tor/doc
In directory moria:/home/arma/work/onion/cvs/tor/doc
RCS file: /home2/or/cvsroot/tor/doc/tor-hidden-service.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- tor-hidden-service.html 23 Jul 2005 09:00:19 -0000 1.5
+++ tor-hidden-service.html 23 Jul 2005 10:59:43 -0000 1.6
@@ -44,7 +44,7 @@
<p>Tor allows clients and servers to offer hidden services. That is,
you can offer a web server, SSH server, etc., without revealing your
-IP to its users. In fact, because you don't need any public address,
+IP to its users. In fact, because you don't use any public address,
you can run a hidden service from behind your firewall.
@@ -147,9 +147,7 @@
HiddenServiceDir that you specified. First, it will generate a new
public/private keypair for your hidden service, and write it into a
file called "private_key". Don't share this key with others -- if you
-do they will be able to impersonate your hidden service. If you plan to
-keep your service available for a long time, you might want to make a
-backup copy of the private_key somewhere.
+do they will be able to impersonate your hidden service.
<p>The other file it will create is called "hostname". This contains
@@ -193,7 +191,13 @@
serve in the hidserv directory.
-<p>If you're on Windows, ...
+<p>If you're on Windows, ...what should we suggest here? Is there
+a good simple free software web server for Windows? Please
+let me know what we should say here. In the meantime,
+check out <a href="http://httpd.apache.org/">apache</a> or
+<a href="http://savant.sourceforge.net/">savant</a>, and be sure to
+configure them to bind only to localhost. You should also figure out
+what port you're listening on, because you'll use it below.
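Review bot: The added Windows paragraph points readers to Apache, while the Step Four text added later in this same patch says "We avoided recommending Apache above"; one of the two needs rewording so the page does not contradict itself. The open question to other developers ("what should we suggest here? ... Please let me know what we should say here") also sits inside the user-visible <p>; consider moving it into an HTML comment, as is done with the "increased risks over time" placeholder in Step Four, and leaving only the interim advice about binding to localhost and noting the port.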
@@ -208,6 +212,47 @@
+<h3>Step Four: More advanced tips</h3>
+<p>If you plan to keep your service available for a long time, you might
+want to make a backup copy of the private_key somewhere.
+<p>We avoided recommending Apache above, a) because many people might
+already be running it for a public server, and b) because it's big
+and has lots of places where it might reveal your IP address or other
+identifying information, for example in 404 pages. For people who need
+more functionality, though, Apache may still be the right answer. Can
+somebody make us a checklist of ways to lock down your Apache when you're
+using it as a hidden service?
+<p>If you want to forward multiple virtual ports for a single hidden
+service, just add more HiddenServicePort lines.
+<p>If you want to run multiple hidden services from the same Tor
+client, just add another HiddenServiceDir line. All the following
+HiddenServicePort lines refer to this HiddenServiceDir line, until
+you add another HiddenServiceDir line.
+<p>There are some anonymity issues you should keep in mind too:
+<li>As mentioned above, be careful of letting your web server reveal
+identifying information about you, your computer, or your location.
+For example, readers can probably determine whether it's thttpd or
+Apache, and learn something about your operating system.</li>
+<li>If your computer isn't online all the time, your hidden service
+won't be either. This leaks information to an observant adversary.</li>
+<!-- increased risks over time -->
<p>If you have suggestions for improving this document, please <a
href="mailto:tor-bugs at freehaven.net">send them to us</a>. Thanks!</p>
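Review bot: The relocated backup paragraph at the top of Step Four tells readers to copy private_key "somewhere" but no longer sits next to the warning it used to follow, that anyone who gets the key can impersonate the hidden service; add a clause saying the backup has to be kept as private as the original. In the anonymity list, the two <li> items are added without an enclosing <ul> or <ol> in this hunk, and the new <p> elements are left unclosed while the existing context paragraph closes with </p>. The request "Can somebody make us a checklist..." is addressed to contributors and would sit better in an HTML comment or on the mailing list than in the published page.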