Message-ID: <53ABD51C.3050603@riseup.net>
Date: Thu, 26 Jun 2014 02:09:00 -0600
From: Mirimir <mirimir@riseup.net>
To: tor-talk@lists.torproject.org
References: <DUB121-W32E5B8525EB5756FB0DD73C8190@phx.gbl>, ,
 <53AB3C75.4020105@gmx.com>, <DUB121-W401DDF2EB0B4F36357ADA2C8190@phx.gbl>,
 <53AB742E.5000400@riseup.net> <DUB121-W1602424B2673FF14097129C8180@phx.gbl>
 <53ABAAFA.1040406@riseup.net>
 <C21E9389-F7C9-47E7-B475-A3D23C8C4F14@hidemeta.com>
In-Reply-To: <C21E9389-F7C9-47E7-B475-A3D23C8C4F14@hidemeta.com>
Subject: Re: [tor-talk] Secure Hidden Service

On 06/26/2014 12:50 AM, Tor Talker wrote:
> On 25 Jun 2014, at 11:09 PM, Mirimir <mirimir@riseup.net> wrote:
> 
>> ... any Tor user can host a hidden service. But few people, even
>> experienced web engineers, know enough to do it securely enough.
>> Also, hidden services are far more vulnerable than Tor users,
>> simply because they serve stuff.
> 
> OK, I'll bite.
> 
> Are you saying that experienced web engineers are not capable of
> designing systems with security and anonymity in mind, or that there
> there are generally hidden risks in setting up the Tor rendezvous
> connection to a local server?  We can agree not to trust random
> software architects/implementors, but I can say with confidence that
> my team is very competent and security minded (though new to
> publishing Tor hidden services).
> 
> More to the point, do you have specific concerns regarding the
> Linux/Tor/Apache/Perl stack we are using?  We do sanitize error
> messages to prevent Apache from leaking system information, but
> that's really the only special effort other than maintaining good
> overall system security.
> 
> What sort of vulnerabilities would you expect to see?

Well, this Tor Blog entry[1] is a good place to start.

There's also a fundamental bind. Unless you physically control your
servers, they aren't really your servers. And so you want to avoid using
cloud services or hosted servers. But if you do physically control your
servers, you're directly associated with them. And you are betting the
farm that they won't be found (or on your lawyers).

Resolve that, and you have a great business plan :)

[1] https://blog.torproject.org/category/tags/hidden-services
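The two concrete things raised above, the rendezvous connection to a local Apache server and sanitizing Apache so it does not leak system information, can be checked mechanically. The following is an added example, not code from anyone in this thread; it audits a constructed torrc and two constructed Apache configs for loopback-only binding and for `ServerTokens`/`ServerSignature` settings (real directives, illustrative values).

```python
import re

# Constructed sample configs, not from the thread: a torrc plus a loopback-only
# Apache config that sanitizes version info, and a leaky, wide-open variant.
TORRC = "HiddenServiceDir /var/lib/tor/hs/\nHiddenServicePort 80 127.0.0.1:8080\n"

APACHE_GOOD = """\
ServerTokens Prod
ServerSignature Off
Listen 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
    DocumentRoot /var/www/hs
</VirtualHost>
"""

APACHE_BAD = """\
ServerTokens Full
Listen 8080
<VirtualHost *:8080>
    DocumentRoot /var/www/hs
</VirtualHost>
"""

LOOPBACK = ("127.", "[::1]", "localhost")

def directive(cfg, name):
    """Values of every top-level occurrence of an Apache/Tor directive."""
    return [m.group(1).strip()
            for m in re.finditer(rf"^\s*{name}\s+(.+?)\s*$", cfg, re.M | re.I)]

def audit_hidden_service(apache_cfg, torrc):
    """Return findings (empty list = all checks passed)."""
    findings = []
    # Version banners and signatures are the "system information" an Apache
    # error page can leak; Prod/Off suppress them.
    if directive(apache_cfg, "ServerTokens") != ["Prod"]:
        findings.append("ServerTokens not Prod: Server header leaks version/OS")
    if [v.lower() for v in directive(apache_cfg, "ServerSignature")] != ["off"]:
        findings.append("ServerSignature not Off: error pages leak version/hostname")
    # The local server must be reachable only via the Tor rendezvous circuit,
    # so every Listen/VirtualHost must bind to loopback.
    binds = directive(apache_cfg, "Listen") + re.findall(r"<VirtualHost\s+([^>]+)>", apache_cfg)
    findings += [f"{b} binds beyond loopback: reachable outside Tor"
                 for b in binds if not b.startswith(LOOPBACK)]
    # HiddenServicePort VIRTPORT [TARGET]; TARGET defaults to 127.0.0.1:VIRTPORT.
    for value in directive(torrc, "HiddenServicePort"):
        parts = value.split()
        target = parts[1] if len(parts) > 1 else f"127.0.0.1:{parts[0]}"
        if not target.startswith(LOOPBACK):
            findings.append(f"HiddenServicePort target {target} is not loopback")
    return findings
```

Run against the real files (`/etc/tor/torrc`, the Apache site config) it flags only what these directives reveal; it does not cover the physical-control problem described in the reply.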