[tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?

Ben ben at gerbil.it
Tue May 19 11:22:02 UTC 2015


> > Are you doing anything the maximise the effect that (say) a ban based on
> > IP can have?
> 
> Ah, I see - I mistook your intent, please let me clarify:
> 
> From a threat perspective we basically treat our onion site like an
> large web proxy with a mix of (by far the majority) normal and
> (remainder) malicious activity emanating from it.
> 
> There are a bunch of such proxies "out there" on the net anyhow - e.g.:
> any Tor exit node - so having one more is not a big deal.
> 

Cool, that was pretty much my line of thinking - the protection offered
by an IP ban is minimal anyway, so it's not a major concern.


>>> If you accept payments by certain methods
>>> (non-anonymous) your liability skyrockets
>>> when those payments are issued using the onion.
>>>
>>There you go, there's a reason against.
>
> Incorrect. It's a reason to not accept those payment 
> methods from the onion.

And if it's the only form of payment you accept (or are willing to
accept)? It's not automatically a show-stopper, sure, but it may still
be a reason against.

There might also be other non-technical reasons against (such as the
example I gave you), but this discussion is not about whether it's a
good idea or not.


> I didn't say you asked for examples. I said you only consider by
> example. Which you just did. But that's besides the point. 

I've been considering and replying to the examples, yes, but it does not
mean they're the only thing I'm considering. Given the length of some of
my posts already, would you prefer I started including things that I've
thought about but no-one else has yet mentioned (there are in fact a
few)?

And, yes, you're right, in my last post, I definitely did precisely that
:)


> You plan to deploy on a locally run user site yet you claim 
> to be conscious of breaking the production server. It does not follow.

Probably because I failed to state that the set up for the two sites is
nigh on identical (with the exception that my personal site has a
caching reverse proxy in front of it). There will be differences I'll
need to account for, but those will should all be minor changes - I'd
assumed that it should be reasonably obvious I'd have considered whether
testing against a different site would constitute a valid test or not.



More information about the tor-talk mailing list