Message-ID: <54582622.3010107@rawbw.com>
Date: Mon, 03 Nov 2014 17:04:34 -0800
From: Yuri <yuri@rawbw.com>
To: tor-talk@lists.torproject.org
References: <897050f0ce92d89e75646fc7e3743e21@riseup.net>
In-Reply-To: <897050f0ce92d89e75646fc7e3743e21@riseup.net>
Subject: Re: [tor-talk] securely run a hidden service

On 11/03/2014 16:16, Michael Ball wrote:
> i've seen snippets of post-silk road "how to securely run a hidden 
> service" [1] [2] but i haven't found a large list of steps needed to 
> be taken that would tremendously help to prevent de-anonymisation.
>
> can someone point me to a large list of things that should be done (or 
> make one!) to prevent this?

I don't have a list.
But if you run the HS in a virtual machine that is disconnected from the 
internet, doesn't have any personal information on it, and the host only 
forwards HS requests to it (from the tor process), this should be quite 
bulletproof against identity leaks. And if you ever find yourself in 
a heightened state of paranoia about the off-chance that the virtual 
machine can somehow leak the memory contents, the next logical step is 
to run the HS on a physically separate machine, on a separate network, 
that is not connected to the internet.

Yuri
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
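
Added example, not part of the original message or of the Tor project's code: a small audit of the host's torrc for the layout described in the reply above, checking that every HiddenServicePort target points into the isolated VM's network. The subnet 192.168.56.0/24, the directory paths and the sample torrc are constructed assumptions.

```python
import ipaddress

# Assumption: the isolated VM sits on this host-only subnet (constructed value).
HOST_ONLY_NET = ipaddress.ip_network("192.168.56.0/24")

# Constructed sample torrc for the host; not taken from the original post.
SAMPLE_TORRC = """\
# service forwarded into the isolated VM
HiddenServiceDir /var/lib/tor/hs_vm/
HiddenServicePort 80 192.168.56.10:8080
HiddenServiceDir /var/lib/tor/hs_local/
HiddenServicePort 80
HiddenServiceDir /var/lib/tor/hs_bad/
HiddenServicePort 443 203.0.113.7:443
"""

def target_host(target):
    """Host part of a HiddenServicePort TARGET (addr, port, addr:port, unix:path)."""
    if target is None or target.isdigit():
        return "127.0.0.1"                 # tor defaults to 127.0.0.1
    if target.startswith("unix:"):
        return target
    if target.startswith("["):             # bracketed IPv6, optional :port
        return target[1:].partition("]")[0]
    return target.rpartition(":")[0] or target   # addr:port, or a bare addr

def audit(torrc_text, allowed_net=HOST_ONLY_NET):
    """Return (service_dir, host, verdict) for every HiddenServicePort line."""
    findings, service = [], None
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        key = fields[0].lower()
        if key == "hiddenservicedir" and len(fields) > 1:
            service = fields[1]
        elif key == "hiddenserviceport" and len(fields) > 1:
            host = target_host(fields[2] if len(fields) > 2 else None)
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                verdict = "on-host" if host.startswith("unix:") else "not-an-ip"
            else:
                if addr in allowed_net:
                    verdict = "ok"
                elif addr.is_loopback:
                    verdict = "on-host"    # served by the host, not the VM
                else:
                    verdict = "outside-isolated-net"
            findings.append((service, host, verdict))
    return findings
```

Any verdict other than "ok" means the service is either running on the host itself or being forwarded somewhere other than the isolated VM.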

