The best way to run a hidden service: one or two computers?
Gregory Maxwell
gmaxwell at gmail.com
Mon Sep 20 15:00:41 UTC 2010
On Fri, Sep 17, 2010 at 10:41 PM, Robert Ransom <rransom.8774 at gmail.com> wrote:
> If your hidden service really needs to be annoying to find, run it:
>
> * using only well-written, secure software,
> * in a VM with no access to physical network hardware,
> * on a (physical) computer with no non-hidden services of any kind
> running on it (so that an attacker can't use Dr. Murdoch's ‘Hot or
> Not’ clock-skew detection attack),
> * and over a fast enough Internet connection that the adversary cannot
> easily determine your connection's speed.
I think you've missed some points.
* The (Virtual) machine running the hidden service should probably
also have no _outbound_ network connectivity except via tor.
This is because it can be even easier to trick a software on a server
into making a network connection than it is to remotely compromise the
server. E.g. your GNU/Linux distribution may have installed some extra
CGIs in your webserver that you are unaware of...
And here is a potentially controversial suggestion, lets see what
others say about it:
* You should run your hidden service behind tor bridges rather than
directly connecting to the tor network.
The rationale for this suggestion is that it may make it more
difficult for a network observer to enumerate a list of tor clients in
order to apply things like the clock-skew attack or subject them to
additional network surveillance.
[snip]
> The above precautions are probably enough, unless a three-letter agency
> (or four-letter association) knows about your hidden service and wants
> to find and ‘neutralize’ its operator. In that case, you have to worry
> about the near-global passive adversary and other threats that Tor
> can't afford to defeat.
I fear that you're overstating the security provided.
For example, I think that if you managed to piss off the ISP community
vigilantes that go after spammers and botnets that they would have a
decent chance of tracking you down in spite of your efforts to stay
hidden.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list