> Is it a problem to offer the same content on a public and a hidden > (Tor) http service? (I.e., does it leak enough information for > useful attacks).
I have no idea why you would want this, but I do it just to make sure people have the address for the hidden http service so they can start using that if the public one goes away. This brings up many serious problems, like: * You are NOT anonymous, depending on how you do it. There's domains by proxy and that kind of thing, though. The advesary can probably find out who you are using the public server. * Then the advesary shoots you in the head using a 12-7 sniper rifle and shuts down your server. This means that you need a good friend with access to backups to do the public service with hidden service failsafe thing. Your friend can then setup a hidden service when the advesary takes you out. * This brings up many other interesting problems, like how to protect your friend's identity to be revealed to the advesary before they take you out. I don't know if you know more tricks than me, but in the case where you offer the same content on a public and hidden server you probably should assume that the'll be on to you. One solution is to have someone else handle the hidden service - preferrably someone who can't be tied to you. There are probably others.