Example hidden service issue

Fabian Keil freebsd-listen at fabiankeil.de
Sat Mar 31 15:18:55 UTC 2007


Karsten Loesing <karsten.loesing at gmx.net> wrote:

> > In the documentation it tells you to set up an example hidden service
> > pointing at google.com, eg:
> > 
> > HiddenServicePort 80 www.google.com:80
> > 
> > I've just started looking at hidden services so I'm not exactly sure
> > how they work yet, but if I'm correct, by setting that up and testing
> > it surely you'll be connecting to www.google.com on port 80 from the
> > server with your hidden service and doing a:
> > 
> > GET / HTTP/1.1
> > Host: youronionaddress
> > 
> > Wont that give google a map of Real IP -> Hidden service name?
> 
> In fact, that is not the information you want to hide. The server that
> is to be hidden may know which Tor node is actually hiding it. Hidden
> services are meant to hide the locations of the servers (here: Google)
> from others.

The problem is that:
http://tor.eff.org/docs/tor-hidden-service.html.en
instructs the user to first test the setup with
Google as hidden service, and then switch to the real on,
using the same onion address:

|Step Three: Connect your web server to your hidden service
|
|This part is very simple. Open up your torrc again, and change the
|HiddenServicePort line from "www.google.com:80" to "localhost:5222".
|Then restart Tor. Make sure that it's working by reloading your hidden
|service hostname in your browser.

Sounds like a pretty bad idea to me too.

Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070331/4d005d93/attachment.pgp>


More information about the tor-talk mailing list