[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: public/hidden issues

> Is it a problem to offer the same content on a public and a hidden
> (Tor) http service? (I.e., does it leak enough information for
> useful attacks).

I have no idea why you would want this, but I do it just to make sure people 
have the address for the hidden http service so they can start using that if 
the public one goes away. This brings up many serious problems, like:

* You are NOT anonymous, depending on how you do it. There's domains by proxy 
and that kind of thing, though. The advesary can probably find out who you 
are using the public server.
* Then the advesary shoots you in the head using a 12-7 sniper rifle and shuts 
down your server. This means that you need a good friend with access to 
backups to do the public service with hidden service failsafe thing. Your 
friend can then setup a hidden service when the advesary takes you out.
* This brings up many other interesting problems, like how to protect your 
friend's identity to be revealed to the advesary before they take you out.

I don't know if you know more tricks than me, but in the case where you offer 
the same content on a public and hidden server you probably should assume 
that the'll be on to you. One solution is to have someone else handle the 
hidden service - preferrably someone who can't be tied to you. There are 
probably others.