Yes, this is correct. Some remarks:
Allen:
> To summarize, the info leakages for HS that do not use authorization are:
>
> - World at large can discover onion address using various directory
> enumeration techniques.
> - HS directory can track HS descriptor uploads and downloads and tie
> those t
As soon as You "publish" the site it Will be added to the directory and someone
will know
Allen skrev: (21 december 2016 21:19:52 CET)
>Hi Flipchan, I'm not concerned with limiting access--I'm concerned
>with who if anyone is able to detect the existence and activity of the
>HS, and more specifi
Sent from Fu's iPhone
> On Dec 21, 2016, at 12:59 PM, Allen wrote:
>
> I have a question about the privacy of hidden services. Let's say I
> create a tor hidden service and privately send the onion address to
> only two other people. Would anyone outside of myself and those two
> people be a
From the discussion and studying the specs, my understanding is that:
The HS directory servers receive the HS public key aka onion address.
The information leakages are: (1) through various HSdir enumeration
techniques, the world at large can discover the HS public key and
onion address; (2) the
Hi Flipchan, I'm not concerned with limiting access--I'm concerned
with who if anyone is able to detect the existence and activity of the
HS, and more specifically at this point, who is able to detect the
existence and activity of a HS that uses stealth auth when the onion
address is only distribut
Limit access for unwanted registerd like he says have A page and use
/jdjenwlsishdjshdysoalwjdbebs instead of /login
Allen skrev: (21 december 2016 20:57:47 CET)
>> So yes, ideally encrypt your Introduction Points (basic) and
>obfuscate
>> identity keys (stealth) [this also encrypts sets of IPs
> So yes, ideally encrypt your Introduction Points (basic) and obfuscate
> identity keys (stealth) [this also encrypts sets of IPs]. Non-ideally,
> use random slugs in URLs as OnionShare does (if you're doing web).
ok, I'm not sure I completely understand. If my HS uses stealth auth,
what data re
There are researchers who monitor the HSDir to keep some stats on what goes Up
and what goes down, general server security is A Good start. You can password
protect alot. And restrict alot, then dissallow usr agents and so on
Allen skrev: (21 december 2016 18:59:59 CET)
>I have a question about
Allen:
> I have a question about the privacy of hidden services. Let's say I
> create a tor hidden service and privately send the onion address to
> only two other people. Would anyone outside of myself and those two
> people be able to determine the onion address or monitor activity
> related to
On 21 Dec (19:37:13), Aeris wrote:
> > Would anyone outside of myself and those two
> > people be able to determine the onion address
>
> Yes. Your onion address is published on a DHT, hosted accross all nodes with
> HSDir flag. Some bad behaviouring relays try to enumerate all onion addresses
>
> Would anyone outside of myself and those two
> people be able to determine the onion address
Yes. Your onion address is published on a DHT, hosted accross all nodes with
HSDir flag. Some bad behaviouring relays try to enumerate all onion addresses
by massive HSDir node creation to fetch differ
I have a question about the privacy of hidden services. Let's say I
create a tor hidden service and privately send the onion address to
only two other people. Would anyone outside of myself and those two
people be able to determine the onion address or monitor activity
related to the hidden servi
12 matches
Mail list logo
