> Matt -- I'd like to accept a patch like this. Can you explain to me > what it would do for Tor's storage, though? J Random User shouldn't > be able to read Tor's private keys -- can this happen if Tor runs as > "NT AUTHORITY\LocalService" ? If so, what is the real solution? If the service is set to run as LocalService, other limited users should not be able to see its data directory. I know the subject of what location is best for Tor to use as its default data directory on Windows has been discussed at least once or twice, but I don't believe a satisfactory solution was determined. This becomes a problem when someone sets up their server while running non-service Tor, then installs Tor as a service, and then things break because Tor is now using LocalService\App Data instead of UserName\App Data. Similarly, if someone sets up their server while running the Tor service as LocalService, and then wants to run it as non-service Tor, non-service Tor wouldn't know to look in (and wouldn't be able to read) LocalService\App Data. It seems that Tor would have to use All Users\App Data for Tor to be able to switch seamlessly between service and non-service Tor. Of course, this would be bad because then all users would be able to read the server's private keys. Is it acceptable to say "run Tor either as a service or as a normal console app. If you want to switch back and forth, you're on your own?" If so, I think it would be safe to say that if you're running Tor as a service, then Tor will use LocalService\App Data for everything (including the torrc file). Else, Tor will use UserName\App Data for everything (including the torrc file).