-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > The problem is that: > http://tor.eff.org/docs/tor-hidden-service.html.en > instructs the user to first test the setup with > Google as hidden service, and then switch to the real on, > using the same onion address: > > |Step Three: Connect your web server to your hidden service > | > |This part is very simple. Open up your torrc again, and change the > |HiddenServicePort line from "www.google.com:80" to "localhost:5222". > |Then restart Tor. Make sure that it's working by reloading your hidden > |service hostname in your browser. > > Sounds like a pretty bad idea to me too.
May sound like a bad idea, but does no harm at all. Google does not learn from your tests that you are providing a hidden service for it. The connections made during your tests are indistinguishable from other direct connections you make to Google everyday. There is no remark in them that they belong to a hidden service request. The only thing you should NOT do when setting up a hidden service after the above mentioned howto is to give the onion address to Google BEFORE changing to your own server. They could perform an altered request over Tor (e.g. for a non-existing resource) and find out which IP address requested that resource. In case you want to be absolutely sure, you can simply switch to a new onion address by deleting the hidden service key stored in your local hidden service directory. That forces Tor to create a new key, and you have a new onion address. Karsten -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGDoIM0M+WPffBEmURAp0zAJ9gSQiR2ea7y31cezm9QgpavQUFEgCfao/u IG8zijtXHWTMN87+BXCkJCI= =5Ekx -----END PGP SIGNATURE-----
