
> Hi,
> I'm wondering how safe is it to use custom hidden service names (.onion).
> I'm not asking this for public hidden services but for private ones (only
> for myself or for friends). Using an easy to remember address just for
> using TorChat could be a good example. Or it could be a personal cloud on
> a hidden service.
> I'm actually wondering, who and how many people-server knows-learn about
> my hidden service name, this is necessary to connect to a hidden service,
> right? Can they be trusted or not?
> Some specific examples for my question could be, myrealnamexxxxxx.onion
> homeaddressxxxxx.onion mycitynamexxxxxx.onion etc. which I'm asking, is it
> ok for the "private" addresses to contain such risky information?
> Another question is, let's say I create and use some custom addresses
> where each contain the same prefixes (or suffixes or simply have any
> connection) like customnameasdasd.onion customname123123.onion
> customname123456.onion etc. Can anybody notice that some people are using
> some probably related custom .onion addresses at some certain times. Is
> this kind of usage risky?
> There might be more examples about the risks of using custom addresses.
> Please answer in detail as this could be useful for many people.


with the current Hidden Service protocol, your onion address is leaked
to a small number of Tor relays -- specifically, your onion address is
leaked to the HSDirs that host and serve the descriptor of your Hidden
Service (That's 6 HSDirs per time period and they rotate every some

If your threat model includes those HSDirs being malicious (which
should probably be the case), then I would advise you to not do stuff
like homeaddressxxxxx.onion.

For what it's worth, there has recently been some discussion on
plugging that leak. You can find more information in:

tor-talk mailing list -
To unsusbscribe or change other settings go to

Reply via email to