[tor-talk] securely run a hidden service

[Yuri]

i've seen snippets of post-silk road "how to securely run a hidden 
service" [1] [2] but i haven't found a large list of steps needed to be 
taken that would tremendously help to prevent de-anonymisation.

can someone point me to a large list of things that should be done (or 
make one!) to prevent this?
On 11/03/2014 16:16, Michael Ball wrote:
> i've seen snippets of post-silk road "how to securely run a hidden 
> service" [1] [2] but i haven't found a large list of steps needed to 
> be taken that would tremendously help to prevent de-anonymisation.
>
> can someone point me to a large list of things that should be done (or 
> make one!) to prevent this?

I don't have a list.
But if you run HS in the virtual machine that is disconnected from 
internet, doesn't have any personal information on it, and the host only 
forwards HS requests to it (from the tor process), this should be quite 
bullet proof against identity leaks. And if you ever find yourself in 
the heightened state of paranoia about the off-chance that virtual 
machine can somehow leak the memory contents, the next logical step is 
to run HS on the physically separate machine, on the separate network, 
that is not connected to internet.

Yuri