Create account

Log in

Book Discussion

Read Edit View history

Search

Main Page Help Browse Cookbook Wikijunior Featured books Recent changes Donations Random book Community Reading room Community portal Bulletin Board Help out! Policies and guidelines Contact us Toolbox Sister projects

How to Protect your Internet Anonymity and Privacy/TOR Hidden Service for Anonymous Websites
< How to Protect your Internet Anonymity and Privacy This page may need to be review ed for quality.

TOR Hidden Service for Anonymous Websites TOR Hidden Service allows you to host a website, without revealing where the website is, and hence protects the identity of the publisher/webmaster. Other than the speed, the downside is the special .onion address. You have to install TOR to access these "hidden" websites. But with intermediate services like tor2web , the public have immediate access to these websites. With a hidden service in the cloud, the security and availability are increased.

TOR Hidden Service Setup

[edit]

If you have a TOR node setup successfully as in other sections, you only need to add two lines to your torrc file: HiddenServiceDir /home/ubuntu/hidden_service HiddenServicePort 80 127.0.0.1:80 Currently, for Ubuntu instants on EC2, the default user name is ubuntu. From the Hidden Service Directory, you can find your .onion address and the encryption keys that you may want to backup. The Hidden Service Port allows the .onion URL to have a port number, the same as ordinary full URL's. The
Are you a developer? Try out the HTML to PDF API

open in browser PRO version

pdfcrowd.com

Print/export

requests are redirected, or binded, to the real host. In this case the real host is also the local machine, 127.0.0.1, at port 80, default for http. The Hidden Service is independent on the other service provided on your TOR node. But for anonymity and bandwidth considerations, the only combinations that make sense are hidden service plus a private bridge or intermediate node. Entry nodes and exit nodes require that you node IP be published.

Setting up a secure web server

[edit]

Apache is the default web server on Linux machines, but as the TOR developers suggest, no web servers were designed with hidden services in mind. There are successors of Apache with security in mind, faster, and support also the full LAMP stack of software. But the installation are not yet as simple as an apt-get. The TOR developers recommend thttpd, which you can install in Ubuntu by: sudo apt-get install thttpd This web server may not start if it detects other web servers already present, and it is disabled by default, in contrast to other web servers. To find and kill other web servers: ps aux | grep apache sudo killall apache2 To enable thttpd, edit the file /etc/default/thttpd, and change: ENABLED=yes There are minimum configurations on /etc/thttpd/thttpd.conf to be a hidden service: port=80 host=127.0.0.1 dir=/var/www Here the location of the webpages are set to the default as other web servers, at /var/www. The port number and host IP agrees with the TOR setup. In addition, thttd will only accept requests from the localhost, where the TOR node is operating. Without binding the host, you can get the same pages direct
open in browser PRO version
Are you a developer? Try out the HTML to PDF API

pdfcrowd.com

from the IP address of the host, and from the Hidden Service, proving that they are in fact one. Of course, your adversary need to be suspicious about a particular IP address that is hosting the content. Not hosting your hidden website via your home or office ISP adds security. Given the suspicion of a particular IP, the other way to detect the hidden service is to use traffic analysis. When you request a webpage from the hidden service, there should be outgoing traffic at the suspicious IP pretty soon. But the outgoing traffic can be hidden by operating the TOR node at the same time, as some sort of high capacity node. Category: How to Protect your Internet Anonymity and Privacy

This page w as last modified on 27 August 2011, at 20:36. Text is available under the Creative Commons Attribution/Share-Alike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Privacy policy About Wikibooks Disclaimers Mobile view

open in browser PRO version

Are you a developer? Try out the HTML to PDF API

pdfcrowd.com