[email protected] writes: > Hi, > > I'm wondering how safe is it to use custom hidden service names (.onion). > I'm not asking this for public hidden services but for private ones (only > for myself or for friends). Using an easy to remember address just for > using TorChat could be a good example. Or it could be a personal cloud on > a hidden service. > > I'm actually wondering, who and how many people-server knows-learn about > my hidden service name, this is necessary to connect to a hidden service, > right? Can they be trusted or not? > > Some specific examples for my question could be, myrealnamexxxxxx.onion > homeaddressxxxxx.onion mycitynamexxxxxx.onion etc. which I'm asking, is it > ok for the "private" addresses to contain such risky information? > > Another question is, let's say I create and use some custom addresses > where each contain the same prefixes (or suffixes or simply have any > connection) like customnameasdasd.onion customname123123.onion > customname123456.onion etc. Can anybody notice that some people are using > some probably related custom .onion addresses at some certain times. Is > this kind of usage risky? > > There might be more examples about the risks of using custom addresses. > Please answer in detail as this could be useful for many people.
Greetings, with the current Hidden Service protocol, your onion address is leaked to a small number of Tor relays -- specifically, your onion address is leaked to the HSDirs that host and serve the descriptor of your Hidden Service (That's 6 HSDirs per time period and they rotate every some hours.). If your threat model includes those HSDirs being malicious (which should probably be the case), then I would advise you to not do stuff like homeaddressxxxxx.onion. For what it's worth, there has recently been some discussion on plugging that leak. You can find more information in: https://lists.torproject.org/pipermail/tor-dev/2013-August/005280.html https://trac.torproject.org/projects/tor/ticket/8106 cheerio! -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
