[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.



On 09/09/2014 10:26 PM, Griffin Boyce wrote:

<SNIP>

> Things that are important to note for hidden service operators:
>   - Firewall rules are really useful for keeping out unwarranted scrutiny.

It's also good to have server and tor process in separate machines, or
at least in separate VMs, and to configure both machines such that the
server can't reach anything except the tor process.

>   - Don't hardcode your IP address in any links (though this is one of
> the least-likely theories).
>   - Having a pseudonym isn't a replacement for excellent security
> practices.
>   - Don't run a hidden service host.

Do you mean to say not to run one at home, work, a friend's house, etc?

>   - For best security, run your own services rather than relying on
> someone else's security.  I feel like this is often overlooked in the
> name of "easiness" but it's really important IMO. [1]
> 
> best,
> Griffin
> 
> [1] Incidentally, the hidden service documentation rewrite has been
> underway for a while now.
> [2] As Salvador Dali once said "I don't do drugs, I *am* drugs." #fact
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk