[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?

On Fri, Sep 17, 2010 at 10:41 PM, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> If your hidden service really needs to be annoying to find, run it:
> * using only well-written, secure software,
> * in a VM with no access to physical network hardware,
> * on a (physical) computer with no non-hidden services of any kind
> Ârunning on it (so that an attacker can't use Dr. Murdoch's âHot or
> ÂNotâ clock-skew detection attack),
> * and over a fast enough Internet connection that the adversary cannot
> Âeasily determine your connection's speed.

I think you've missed some points.

* The (Virtual) machine running the hidden service should probably
also have no _outbound_ network connectivity except via tor.

This is because it can be even easier to trick a software on a server
into making a network connection than it is to remotely compromise the
server. E.g. your GNU/Linux distribution may have installed some extra
CGIs in your webserver that you are unaware of...

And here is a potentially controversial suggestion, lets see what
others say about it:

* You should run your hidden service behind tor bridges rather than
directly connecting to the tor network.

The rationale for this suggestion is that it may make it more
difficult for a network observer to enumerate a list of tor clients in
order to apply things like the clock-skew attack or subject them to
additional network surveillance.

> The above precautions are probably enough, unless a three-letter agency
> (or four-letter association) knows about your hidden service and wants
> to find and âneutralizeâ its operator.  In that case, you have to worry
> about the near-global passive adversary and other threats that Tor
> can't afford to defeat.

I fear that you're overstating the security provided.

For example, I think that if you managed to piss off the ISP community
vigilantes that go after spammers and botnets that they would have a
decent chance of tracking you down in spite of your efforts to stay
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/