At 04:53 AM 3/6/2013 -0500, you wrote: >On Wed, Mar 06, 2013 at 01:12:47AM -0600, Anthony Papillion wrote: >> I'm involved in a project that will ultimately run a website as a >> hidden service. Because of the content if the site (not child porn >> or gambling) we're concerned about how easy a Tor connected server >> is to find. > >Hidden services are definitely weaker than regular Tor circuits, a) >because the adversary can induce them to speak,
Care to elaborate on that? You mean timing attacks (based on the fact that hidden servers 'speak' to clients?) ? Or the owner of the service leaking information about himself by mistake? Or? > and b) because they stay >at the same place over time. Mostly 'a'. > >That said, there are plenty of hidden services out there, and few >stories of people breaking their anonymity by breaking Tor. So they're >not foolproof for sure, but they're also not trivial to deanonymize. > >I'll turn it around, and ask "easy compared to what?" > >> Also, are there best practices to securely hosting a >> server on Tor? > >I wrote some suggestions on the second-to-last bullet point of >https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian-police >A lot of it depends on your expected adversary, and on how much you care. > >--Roger > >_______________________________________________ >tor-talk mailing list >tor-talk@lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk