[tor-talk] Fast and clean free provider for a couple of HTML pages

Mirimir mirimir at riseup.net
Tue Jul 15 11:22:07 UTC 2014

On 07/15/2014 02:14 AM, Red Sonja wrote:
> Now I'm getting somewhere.


> Mirimir:
>>> I did. I have no idea how to sort them out.
>> Well, they're free. So just pick one at random, and try to sign up via
>> Tor. Repeat until success. Then create a test page, and try to upload
>> with FTP via Tor. Repeat until success. That's what I would do, anyway.
> Yes, but I have no idea what the server is seeing from me.

As long as you're using Tor browser or Tails, I doubt that the server is
seeing anything except a Tor exit IP.

> So I was hoping for somebody who already went through this to share
> info. The couple I have tried so far do not even use HTTPS for the
> control panel.

Using HTTPS for the control panel is another important criterion.

> I searched for ssh support and it is a web console that simulates ssh
> in the browser. FTP so far is plain and open.

I doubt that you'll find free web hosting that works with command line
tools. You won't get that until VPS hosting.

> And to make things nicer, they do email me the account and password.

That's all too common :( There's less need for support that way. It's
really bad when they email you the new password whenever you change it.

>>> So FTP is safe with Tor? What other protocols are fine over Tor? SSH is one.
>> That is a very complicated question. See the thread on SSH, for example.
>> As long as Tor has been properly configured for DNS lookup, any app that
>> has a SOCKS5 option is probably safe. However, complex apps that use
>> multiple protocols in the background (such as BitTorrent) are not safe,
>> except perhaps for highly expert users. If in doubt, use Wireshark to
>> test for leaks. If you're in a hurry, your best bet is to use Whonix.
>> Anything configured by default is probably safe, and the documentation
>> is excellent.
> Yes.
> But when most people ask the answers are like this. How's «properly
> configured»? How do I know it is properly configured?

Ultimately, you know that when it works, and it doesn't leak, no matter
how you try to break it. Sorry :(

Actually, the "properly configured" part is easy:


The hard part is the iptables rules. I'll post something useful ASAP.

> The wiki is quite messy. And you have old stuff and new stuff. None is
> dated so the new stuff can be old as well.

I agree. It's confusing.

> I fully agree with you: complex apps are simply complex. I want basic
> tools and for that I am ready to pass the GUI and go for the shell. But
> how do I test for leaks?

You install Wireshark, and then capture on eth0. You should see no
non-local traffic except with your entry guards.

To install Wireshark, open a terminal and run these commands:

sudo apt-get update
sudo apt-get install wireshark

To configure wireshark to allow a non-root user to sniff packets, run
these commands:

sudo dpkg-reconfigure wireshark-common
sudo adduser $USER wireshark

> Please understand, I have nothing against you: on the contrary, you are
> the only one who answered me. But the whole thing is a mess. A year or
> so I asked the Tails guys why doesn't my USB installed from VirtualBox
> doesn't work. They were rather cold and the main guy said something
> along the lines: it's not free and we don't support it. Yes, the USB
> part of VirtualBox is not supported.

I'm not sure that I understand that. USB support in VirtualBox does
require the extensions plug-in, and that's free but not "free" in a
purist sense. Is that it?

> Whonix needs it. And it's a 3Gb download.

As long as you're not hiding Tor from your ISP, I don't see why you need
to download Whonix via Tails. And yet, Whonix is large. The Tor gateway
VM could be much smaller. I can point you to instructions for setting up
a pfSense VM as a Tor gateway, if you're interested.

> I feel so lost...

It's very good to know that you're lost, when you're lost ;)

More information about the tor-talk mailing list