[tor-talk] Hidden Service Scaling Summer of Privacy Project

coderman coderman at gmail.com
Tue May 26 19:41:07 UTC 2015


On 5/26/15, Donncha O'Cearbhaill <donncha at donncha.is> wrote:
> ...
> I am interested in hearing from all existing hidden service operators.

speaking for two,



> In particular I'd like to understand the use-cases,

- file distribution
- "web services", etherpad, ethersheet, webdav
- XMPP
- IRC
- overlay network (tun/tap)



> priorities

file distribution and chat.



> limitations

fragility; zooko's triangle. (see also namecoin and onion name service
experiments for bootstrap)



> There have been anecdotal reports on the Tor
> bug tracker that hidden services have trouble scaling to more than 100
> concurrent connections [2]. Is this something that operators here have
> experienced?

it would be nice to speak of hidden service establishment rates across
distinct number of onions, rather than a simple frequency counter.
specifically, high establishment rates over many onions is the most
performance intensive use case unless under attack of any myriad
sort...

conversely, if in a constrained environment like an old computer or small
device, using only a couple onions for light traffic is advised.



> There have also been recent DoS campaigns affecting Tor
> hidden services which have been challenging to mitigate.

one word: blowback.
 [ maybe #FreeRedTeam ? gotta make lemonade, sweet sweet lemonade ]



> In my project I hope to produce a tool which will allow a hidden service
> to be backed by multiple Tor instances which can be spread across
> multiple servers and geographical locations.

in the 50G mirror experiment, even while under volatile network
conditions, this technique - using many concurrently active onions -
worked well and kept throughput and availability consistently robust.
bigsun dist uses 9 onions across three physical hosts, for reference.



>  - Redundant hidden service hosting with no single point of failure.

#1 useful.




>  - Secure storage of hidden service keys away from the Tor service on
>    smartcards or HSMs

#2 useful.



>  - From a security perspective, would you prefer to minimize the
> software running on the onion service instance servers or minimize
> connections to the management server which has access to the service keys?

both, #3 useful.



> If anyone has time to share, I'd be very interested in learning about
> your experiences and current challenges. I'd also be delighted to hear
> about any other features that may be useful to the HS community.

this should be a trac, wiki, or doc? :P


best regards,

