[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...)



On 25 Jun 2014, at 11:09 PM, Mirimir <mirimir@xxxxxxxxxx> wrote:

> ... any Tor user can host a
> hidden service. But few people, even experienced web engineers, know
> enough to do it securely enough. Also, hidden services are far more
> vulnerable than Tor users, simply because they serve stuff.

OK, I'll bite.

Are you saying that experienced web engineers are not capable of designing systems with security and anonymity in mind, or that that there are generally hidden risks in setting up the Tor rendezvous connection to a local server?  We can agree not to trust random software architects/implementors, but I can say with confidence that my team is very competent and security minded (though new to publishing Tor hidden services).

More to the point, do you have specific concerns regarding the Linux/Tor/Apache/Perl stack we are using?  We do sanitize error messages to prevent Apache from leaking system information, but that's really the only special effort other than maintaining good overall system security.

What sort of vulnerabilities would you expect to see?


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk