Delivery-Date: Wed, 10 Sep 2014 12:50:05 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 607C71E0551;
	Wed, 10 Sep 2014 12:50:04 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 41E6C2DDDF;
	Wed, 10 Sep 2014 16:49:56 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 652442D2F7
 for <tor-talk@lists.torproject.org>; Wed, 10 Sep 2014 16:49:51 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id aYc-qTGswqtk for <tor-talk@lists.torproject.org>;
 Wed, 10 Sep 2014 16:49:51 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 328D12C164
 for <tor-talk@lists.torproject.org>; Wed, 10 Sep 2014 16:49:50 +0000 (UTC)
Received: from plantcutter.riseup.net (plantcutter-pn.riseup.net [10.0.1.121])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net", Issuer "Gandi Standard SSL CA" (not verified))
 by mx1.riseup.net (Postfix) with ESMTPS id B1DD5479BB;
 Wed, 10 Sep 2014 09:49:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1410367787; bh=dnx4Fb6HquybH24JZfuRoSdGO6KA/zgNslhaY7+OH+Y=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=qhvoih22R1ANvkTmrbtqSlXhtqNDszJ9eHBrVA3B+PYNYDrEGaif9ViG9zeqP+jpd
 fO2fsWxvHdJmtXDc3ewsRHDP1ZWYVmhkbsGt7WTp6ZE1rjc2vIapXY35hesfj6wsZj
 qR1Fe7wSsYxhYd9SHb+uje/coc5F/oI/fFeJOVcQ=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir) with ESMTPSA id 920AB22DFC
Message-ID: <54108127.9050706@riseup.net>
Date: Wed, 10 Sep 2014 10:49:43 -0600
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Griffin Boyce <griffin@cryptolab.net>, tor-talk@lists.torproject.org
References: <4dbf80e1a3ae8b182a15ea2af6fa10dc@openmailbox.org>
 <20140814001854.GO8819@moria.seul.org>
 <cd0f0f8d006df59c665f6e8cba21e16f@openmailbox.org>
 <540D5911.1060506@riseup.net>
 <7f4a7e28fce1849455b0d162fddf059f@cryptolab.net>
 <540D685A.9080600@riseup.net>
 <c31b4308564c424f53838ac19d02a2cc@cryptolab.net>
 <540FBDB9.30509@technoskald.me>
 <d99a66e76527ecf9696bd35286fa4cc0@cryptolab.net>
In-Reply-To: <d99a66e76527ecf9696bd35286fa4cc0@cryptolab.net>
X-Virus-Scanned: clamav-milter 0.98.4 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 09/09/2014 10:26 PM, Griffin Boyce wrote:

<SNIP>

> Things that are important to note for hidden service operators:
>   - Firewall rules are really useful for keeping out unwarranted scrutiny.

It's also good to have server and tor process in separate machines, or
at least in separate VMs, and to configure both machines such that the
server can't reach anything except the tor process.

>   - Don't hardcode your IP address in any links (though this is one of
> the least-likely theories).
>   - Having a pseudonym isn't a replacement for excellent security
> practices.
>   - Don't run a hidden service host.

Do you mean to say not to run one at home, work, a friend's house, etc?

>   - For best security, run your own services rather than relying on
> someone else's security.  I feel like this is often overlooked in the
> name of "easiness" but it's really important IMO. [1]
> 
> best,
> Griffin
> 
> [1] Incidentally, the hidden service documentation rewrite has been
> underway for a while now.
> [2] As Salvador Dali once said "I don't do drugs, I *am* drugs." #fact
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

